There is a vulnerability:

Wireshark DEC DNA Routing Protocol Processing Error Lets Remote Users Deny Service
Security Tracker Alert ID: 1032279
Security Tracker URL: http://securitytracker.com/id/1032279

Does an update to 1.12.5 fix this vulnerability?

asked 26 May '15, 02:34 Sandy1972
2 Answers:
Is it listed in the release notes?

answered 26 May '15, 07:31 Jaap ♦
Their claim that 1.12.4 is vulnerable appears to be bul^Wincorrect.

The problem is due to a pointer-returning function not being properly declared, due to the header that declares it not being included, so that the compiler thinks the function returns an int, which it needs to widen to 64 bits on LP64 platforms, so the upper 32 bits of the pointer get chopped off and then either replaced by zeros (most 64-bit instruction sets) or replaced with the high-order bit of the lower 32 bits of the pointer (x86-64).

In 1.12.4, the DEC DNA Routing Protocol dissector does include the header in question. In 1.10.x, it doesn't. So the bug doesn't exist in 1.12.4, so there's nothing to fix in 1.12.5.

The bug does exist in 1.10.x, and should be fixed in the next 1.10.x release, which should be 1.10.15, and which has not yet been scheduled.

answered 26 May '15, 16:08 Guy Harris ♦♦
No, because we just found out about it now.
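The pointer truncation described in Guy Harris's answer above, as an added example that is not part of the original thread or of Wireshark's code: pointer values are modelled as 64-bit integers, the sample addresses are constructed, and all function names are hypothetical. Building with `-Werror=implicit-function-declaration` (GCC/Clang) turns the missing declaration into a compile error.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* What survives when the caller believes the function returns a 32-bit int:
 * only the low 32 bits of the real 64-bit pointer. */
static uint32_t truncate_to_int(uint64_t real_ptr)
{
    return (uint32_t)(real_ptr & 0xFFFFFFFFu);
}

/* Widening back to 64 bits with the upper half replaced by zeros. */
static uint64_t widen_zero_extend(uint32_t low)
{
    return (uint64_t)low;
}

/* Widening back to 64 bits with the upper half replaced by copies of
 * bit 31 of the low half (sign extension of the int). */
static uint64_t widen_sign_extend(uint32_t low)
{
    return (low & 0x80000000u) ? (0xFFFFFFFF00000000ULL | low) : (uint64_t)low;
}

/* A pointer only survives the round trip if its upper bits were already
 * what the widening fills in, which is why the bug can stay latent when
 * allocations happen to land at low addresses. */
static int pointer_survives(uint64_t real_ptr)
{
    uint32_t low = truncate_to_int(real_ptr);
    return widen_zero_extend(low) == real_ptr && widen_sign_extend(low) == real_ptr;
}

int main(void)
{
    /* Constructed sample addresses, not taken from any real process. */
    const uint64_t samples[] = {
        0x0000000000602010ULL,  /* low address: round trip is harmless */
        0x00007f3a9c401010ULL,  /* high address, bit 31 of low half set */
        0x00007f3a1c401010ULL,  /* high address, bit 31 of low half clear */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t low = truncate_to_int(samples[i]);
        printf("real=0x%016" PRIx64 " zero-ext=0x%016" PRIx64
               " sign-ext=0x%016" PRIx64 " survives=%d\n",
               samples[i], widen_zero_extend(low), widen_sign_extend(low),
               pointer_survives(samples[i]));
    }
    return 0;
}
```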