|Bugzilla:||639486: CVE-2010-3445 wireshark: stack overflow in BER dissector|
The MITRE CVE dictionary describes this issue as:
Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update to wireshark in Red Hat Enterprise Linux 4 and 5 may address this flaw.
This issue was addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2010-0924.html.
CVSS v2 metrics
|Access Vector:||Adjacent Network|
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 4 (wireshark)||RHSA-2011:0370||March 21, 2011|
|Red Hat Enterprise Linux version 5 (wireshark)||RHSA-2011:0370||March 21, 2011|
|Red Hat Enterprise Linux version 6 (wireshark)||RHSA-2010:0924||November 30, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.