Opened 3 years ago

Closed 3 years ago

#14582 closed enhancement (fixed)

wireshark-3.4.3

Reported by: ken@… Owned by: Douglas R. Reno
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

I was browsing https://www.wireshark.org/security/ re vulnerabilities to identify when I noticed that two of them, wnpa-sec-2021-01/2 (memory leak, crash) were fixed in 3.4.3.

Looking for that I see that it was just released (29th january). Since crashes and memory leaks seem to attract CVEs, I'm marking this as High.

Change History (5)

comment:1 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 3 years ago

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2021-01 USB HID dissector memory leak. Bug 17124. CVE-2021-22173.

    wnpa-sec-2021-02 USB HID dissector crash. Bug 17165. CVE-2021-22174.

The following bugs have been fixed:

    SIP response single-line multiple Contact-URIs decoding error Bug 13752.

    Adding filter while "Telephony→VoIP Calls→Flow Sequence" open causes OOB memory reads and potential crashes. Bug 16952.

    QUIC packet not fully dissected Bug 17077.

    SOMEIP-SD hidden entries are off Bug 17091.

    Problem with calculation on UDP checksum in SRv6 Bug 17097.

    Dark mode not working in Wireshark 3.4.2 on macOS Bug 17098.

    Wireshark 3.4.0: build failure on older MacOS releases, due to 'CLOCK_REALTIME' Bug 17101.

    TECMP: Status Capture Module messages shows 3 instead of 2 bytes for HW version Bug 17133.

    Documentation - editorial error - README.dissector bad reference Bug 17141.

    Cannot save capture with comments to a format that doesn’t support it (no pop-up) Bug 17146.

    AUTOSAR-NM: PNI TF-String wrong way around Bug 17154.

    Fibre Channel parsing errors even with the fix for #17084 Bug 17168.

    f5ethtrailer: Won’t find a trailer after an FCS that begins with a 0x00 byte Bug 17171.

    f5ethtrailer: legacy format, low noise only, no vip name trailers no longer detected Bug 17172.

    Buildbot crash output: fuzz-2021-01-22-3387835.pcap Bug 17174.

    Dissection error on large ZVT packets Bug 17177.

    TShark crashes with -T ek option Bug 17179.

New and Updated Features
New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

AUTOSAR-NM, DHCPv6, DoIP, FC ELS, GQUIC, IPv6, NAS 5GS, NAS EPS, QUIC, SIP, SOME/IP-SD, TECMP, TLS, TPNCP, USB HID, and ZVT
New and Updated Capture File Support

f5ethtrailer and pcapng

comment:3 by Douglas R. Reno, 3 years ago

WNPA-SEC-2021-01 (CVE-2021-22173)

Summary

Name: USB HID dissector memory leak

Docid: wnpa-sec-2021-01

Date: January 29, 2021

Affected versions: 3.4.0 to 3.4.2

Fixed versions: 3.4.3

References:
Wireshark bug 17124

Details
Description

The USB HID dissector could leak memory.

Impact

It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 3.4.3 or later. 

comment:4 by Douglas R. Reno, 3 years ago

WNPA-SEC-2021-02 (CVE-2021-22174)

Summary

Name: USB HID dissector crash

Docid: wnpa-sec-2021-02

Date: January 29, 2021

Affected versions: 3.4.0 to 3.4.2

Fixed versions: 3.4.3

References:
Wireshark bug 17165

Details
Description

The USB HID dissector could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 3.4.3 or later. 

comment:5 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r24158

Note: See TracTickets for help on using tickets.