Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7
Signed-off-by: Hitendra Prajapati <[email protected]> --- .../wireshark/files/CVE-2025-13499.patch | 41 +++++++++++++++++++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch new file mode 100644 index 0000000000..cfae581608 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch @@ -0,0 +1,41 @@ +From e180152d3dae668249f78c72a55a4ba436b57af7 Mon Sep 17 00:00:00 2001 +From: Darius Davis <[email protected]> +Date: Sat, 25 Oct 2025 15:01:34 +1000 +Subject: [PATCH] Kafka: Fix decompress_snappy with no xerial chunks. + +Instead of returning true without setting outputs, report a failure to +decompress and return false to the caller. + +Fix #20823 + +(cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e) + +CVE: CVE-2025-13499 +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7] +Signed-off-by: Hitendra Prajapati <[email protected]> +--- + epan/dissectors/packet-kafka.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c +index 5fe32f7..7b5ac03 100644 +--- a/epan/dissectors/packet-kafka.c ++++ b/epan/dissectors/packet-kafka.c +@@ -1788,12 +1788,12 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, + if (rc != SNAPPY_OK) { + goto end; + } ++ ret = composite_tvb != NULL; + + *decompressed_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, (guint)uncompressed_size, (gint)uncompressed_size); + *decompressed_offset = 0; +- ++ ret = TRUE; + } +- ret = TRUE; + end: + if (composite_tvb) { + tvb_composite_finalize(composite_tvb); +-- +2.50.1 + diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index 0a523013ca..0cc0dfa3d7 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb @@ -31,6 +31,7 @@ SRC_URI += " \ file://CVE-2023-4511.patch \ file://CVE-2023-6175.patch \ file://CVE-2024-2955.patch \ + file://CVE-2025-13499.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"; -- 2.50.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122582): https://lists.openembedded.org/g/openembedded-devel/message/122582 Mute This Topic: https://lists.openembedded.org/mt/116725388/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
