https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2686
Summary: Wireshark uses insecure version of zlib
Product: Wireshark
Version: 1.0.1
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Critical
Priority: High
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: lonedesign_2k@xxxxxxxxx
Build Information:
Version 1.0.1 (SVN Rev 25639)
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
Version in use: 1.2.2
Current release: 1.2.3 (July 18, 2005)
Fixes:
* Eliminate a potential security vulnerability(1) when decoding invalid
compressed data
* Eliminate a potential security vulnerability(2) when decoding specially
crafted compressed data
* Fix a bug when decompressing dynamic blocks with no distance codes
* Fix crc check bug in gzread() after gzungetc()
* Do not return an error when using gzread() on an empty file
(1) http://www.kb.cert.org/vuls/id/238678
(2) http://www.kb.cert.org/vuls/id/680620
http://www.zlib.net/
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
