991011 – (CVE-2016-6503) VUL-1: CVE-2016-6503: wireshark: CORBA IDL dissector crash on 64-bit Windows (wnpa-sec-2016-39)

Bug 991011 (CVE-2016-6503) - VUL-1: CVE-2016-6503: wireshark: CORBA IDL dissector crash on 64-bit Windows (wnpa-sec-2016-39)

Summary: VUL-1: CVE-2016-6503: wireshark: CORBA IDL dissector crash on 64-bit Windows ...

Status:	RESOLVED WORKSFORME

Alias:	CVE-2016-6503

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Windows 10

Priority:	P5 - None Severity: Minor
Target Milestone:	---
Assignee:	Lingshan Zhu
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2016-6503:4.3:(AV:N/...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-07-28 09:53 UTC by Andreas Stieger
Modified:	2016-08-02 09:38 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2016-07-28 09:53:06 UTC

Wireshark 2.0.5 and 1.12.13
https://www.wireshark.org/lists/wireshark-announce/201607/msg00001.html
https://www.wireshark.org/lists/wireshark-announce/201607/msg00002.html

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4, fixed in 2.0.5

https://www.wireshark.org/security/wnpa-sec-2016-39.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495

Comment 1 Andreas Stieger 2016-07-28 11:18:10 UTC

Windows only.