Bug 1056250 (CVE-2017-13764) - VUL-1: CVE-2017-13764: wireshark: Modbus dissector crash
Summary: VUL-1: CVE-2017-13764: wireshark: Modbus dissector crash
Status: RESOLVED FIXED
Alias: CVE-2017-13764
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 42.3
: P5 - None : Normal
Target Milestone: ---
Assignee: Andreas Stieger
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/191173/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-29 21:32 UTC by Andreas Stieger
Modified: 2017-08-30 16:01 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2017-08-29 21:32:52 UTC 
https://www.wireshark.org/security/wnpa-sec-2017-40.html

Name: Modbus dissector crash
Docid: wnpa-sec-2017-40
Date: August 29, 2017
Affected versions: 2.4.0
Fixed versions: 2.4.1

References: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925

The Modbus dissector could crash.

Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Comment 1 Andreas Stieger 2017-08-29 21:36:25 UTC 
SLE is at 2.2.8, openSUSE only
Comment 2 Bernhard Wiedemann 2017-08-29 22:00:36 UTC 
This is an autogenerated message for OBS integration:
This bug (1056250) was mentioned in
https://build.opensuse.org/request/show/519571 Factory / wireshark
Comment 3 Andreas Stieger 2017-08-29 22:01:17 UTC 
Tumbleweed only actually, fixed.
Comment 4 Marcus Meissner 2017-08-30 13:15:45 UTC 
CVE-2017-13764
Comment 5 Bernhard Wiedemann 2017-08-30 14:01:38 UTC 
This is an autogenerated message for OBS integration:
This bug (1056250) was mentioned in
https://build.opensuse.org/request/show/519679 Factory / wireshark
Comment 6 Bernhard Wiedemann 2017-08-30 16:01:22 UTC 
This is an autogenerated message for OBS integration:
This bug (1056250) was mentioned in
https://build.opensuse.org/request/show/519687 Factory / wireshark