Package: wireshark
Severity: grave
Tags: security

Hi,
from: http://www.wireshark.org/security/wnpa-sec-2007-03.html

Wireshark 0.99.7 fixes the following vulnerabilities: 
Wireshark could crash when reading an MP3 file. 
Versions affected: 0.99.6 
Beyond Security discovered that Wireshark could loop excessively while reading 
a malformed DNP packet. 
Versions affected: 0.10.12 to 0.99.6 
Stefan Esser discovered a buffer overflow in the SSL dissector. 
Versions affected: 0.99.0 to 0.99.6 
The ANSI MAP dissector could be susceptible to a buffer overflow on some 
platforms. (Bug 1844) 
Versions affected: 0.99.5 to 0.99.6 
The Firebird/Interbase dissector could go into an infinite loop or crash. (Bugs 
1931 and 1932) 
Versions affected: 0.99.6 
The NCP dissector could cause a crash. 
Versions affected: 0.99.6 
The HTTP dissector could crash on some systems while decoding chunked messages. 
Versions affected: 0.10.14 to 0.99.6 
The MEGACO dissector could enter a large loop and consume system resources. 
Versions affected: 0.9.14 to 0.99.6 
The DCP ETSI dissector could enter a large loop and consume system resources. 
Versions affected: 0.99.6 
Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication 
trace file parser. (Bug 1926) 
Versions affected: 0.99.0 to 0.99.6 
The PPP dissector could overflow a buffer. 
Versions affected: 0.99.6 
The Bluetooth SDP dissector could go into an infinite loop. 
Versions affected: 0.99.2 to 0.99.6 
A malformed RPC Portmap packet could cause a crash. (Bug 1998) 
Versions affected: 0.8.16 to 0.99.6

CVE ids for this are pending, I will add them to this bug report if
I got them.

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpHwasLOP3HC.pgp
Description: PGP signature

Reply via email to