Package: wireshark
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wireshark.

CVE-2011-2175[0]:
| Integer underflow in the visual_read function in wiretap/visual.c in
| Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote
| attackers to cause a denial of service (application crash) via a
| malformed Visual Networks file that triggers a heap-based buffer
| over-read.

CVE-2011-2174[1]:
| Double free vulnerability in the tvb_uncompress function in
| epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7
| allows remote attackers to cause a denial of service (application
| crash) via a packet with malformed data that uses zlib compression.

CVE-2011-1959[2]:
| The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before
| 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain
| virtualizable buffers, which allows remote attackers to cause a denial
| of service (application crash) via a large length value in a snoop
| file that triggers a stack-based buffer over-read.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2175
    http://security-tracker.debian.org/tracker/CVE-2011-2175
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2174
    http://security-tracker.debian.org/tracker/CVE-2011-2174
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959
    http://security-tracker.debian.org/tracker/CVE-2011-1959

-- 
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpbXneUQkmtR.pgp
Description: PGP signature

Reply via email to