FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wireshark -- multiple security issues

Affected packages
2.2.0 <= wireshark <= 2.2.9
2.4.0 <= wireshark <= 2.4.1

Details

VuXML ID 4684a426-774d-4390-aa19-b8dd481c4c94
Discovery 2017-10-10
Entry 2017-10-30

wireshark developers reports:

In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.

In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.

In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.

In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.

In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.

[source]

References

CVE Name CVE-2017-15189
CVE Name CVE-2017-15190
CVE Name CVE-2017-15191
CVE Name CVE-2017-15192
CVE Name CVE-2017-15193
URL http://www.securityfocus.com/bid/101227
URL http://www.securityfocus.com/bid/101228
URL http://www.securityfocus.com/bid/101229
URL http://www.securityfocus.com/bid/101235
URL http://www.securityfocus.com/bid/101240
URL https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049
URL https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056
URL https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068
URL https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077
URL https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
URL https://code.wireshark.org/review/23470
URL https://code.wireshark.org/review/23537
URL https://code.wireshark.org/review/23591
URL https://code.wireshark.org/review/23635
URL https://code.wireshark.org/review/23663
URL https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3689dc1db36037436b1616715f9a3f888fc9a0f6
URL https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8
URL https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8dbb21dfde14221dab09b6b9c7719b9067c1f06e
URL https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afb9ff7982971aba6e42472de0db4c1bedfc641b
URL https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0
URL https://www.wireshark.org/security/wnpa-sec-2017-42.html
URL https://www.wireshark.org/security/wnpa-sec-2017-43.html
URL https://www.wireshark.org/security/wnpa-sec-2017-44.html
URL https://www.wireshark.org/security/wnpa-sec-2017-45.html
URL https://www.wireshark.org/security/wnpa-sec-2017-46.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.