|Bugzilla:||656456: CVE-2010-4300 Wireshark: Heap-based buffer overflow in LDSS dissector|
The MITRE CVE dictionary describes this issue as:
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.
This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for the Local Download Sharing Service (LDSS) protocol.
This issue was addressed in Red Hat Enterprise Linux 6 via
CVSS v2 metrics
|Access Vector:||Adjacent Network|
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 6 (wireshark)||RHSA-2010:0924||November 30, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.