Name: Multiple vulnerabilities in Wireshark® version 1.2.0 to 1.2.9
Date: July 29, 2010
Versions affected: 1.2.0 up to and including
Related: wnpa-sec-2010-07 (Vulnerabilities in Wireshark® version 0.10.8 to 1.0.14)
Wireshark 1.2.10 fixes the following vulnerabilities:
The SigComp Universal Decompressor Virtual Machine could overrun a buffer.
Versions affected: 0.10.8 to 1.0.14, 1.2.0 to 1.2.9
Due to a regression, the ASN.1 BER dissector could exhaust stack memory.
Versions affected: 0.10.13 to 1.0.14, 1.2.0 to 1.2.9
The GSM A RR dissector could crash.
Versions affected: 1.2.2 to 1.2.9
The IPMI dissector could go into an infinite loop.
Versions affected: 1.2.0 to 1.2.9
It may be possible to make Wireshark crash, hang, or execute code by injecting a
series of malformed packets onto the wire or by convincing someone to read a
malformed packet trace file.
Upgrade to Wireshark 1.2.10 or later.
Due to the nature of these bugs, we do not recommend trying to work around the
problem by disabling dissectors.