Bug 991022 (CVE-2016-6513) - VUL-1: CVE-2016-6513: wireshark: WBXML crash (wnpa-sec-2016-49)
Summary: VUL-1: CVE-2016-6513: wireshark: WBXML crash (wnpa-sec-2016-49)
Status: RESOLVED FIXED
Alias: CVE-2016-6513
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 42.1
: P4 - Low : Minor
Target Milestone: ---
Assignee: Andreas Stieger
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-28 09:59 UTC by Andreas Stieger
Modified: 2016-08-02 08:11 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-07-28 09:59:27 UTC 
Wireshark 2.0.5 and 1.12.13
https://www.wireshark.org/lists/wireshark-announce/201607/msg00001.html
https://www.wireshark.org/lists/wireshark-announce/201607/msg00002.html

The WBXML dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affects 2.0.0 to 2.0.4, fixed in 2.0.5
https://www.wireshark.org/security/wnpa-sec-2016-49.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663
Comment 1 Andreas Stieger 2016-07-28 11:20:48 UTC 
Affecting Wireshark on openSUSE only.
Comment 3 Swamp Workflow Management 2016-07-28 22:01:42 UTC 
bugbot adjusting priority
Comment 4 Bernhard Wiedemann 2016-07-28 22:02:16 UTC 
This is an autogenerated message for OBS integration:
This bug (991022) was mentioned in
https://build.opensuse.org/request/show/415693 Factory / wireshark
Comment 5 Bernhard Wiedemann 2016-08-01 20:02:13 UTC 
This is an autogenerated message for OBS integration:
This bug (991022) was mentioned in
https://build.opensuse.org/request/show/416463 Factory / wireshark
Comment 6 Andreas Stieger 2016-08-02 08:11:13 UTC 
network:utilities/wireshark and Tumbleweed only.
Submitted to openSUSE:Factory, closing.