==========================
==========================
===================

                           CERT-Renater

               Note d'Information No. 2014/VULN266
_____________________________________________________________________

DATE                : 13/11/2014

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Wireshark versions 1.12.x, 1.10.x
                       prior to 1.12.2, 1.10.11.

==========================
==========================
====================
https://www.wireshark.org/security/wnpa-sec-2014-23.html
______________________________________________________________________

wnpa-sec-2014-23 · TN5250 infinite loops

Summary

Name: TN5250 infinite loops

Docid: wnpa-sec-2014-23

Date: November 12, 2014

Affected versions: 1.12.0 to 1.12.1, 1.10.0 to 1.10.10

Fixed versions: 1.12.2, 1.10.11

References:
Wireshark bug 10596
CVE-2014-8714


Details


Description

The TN5250 dissector could go into an infinite loop.


Impact

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.


Resolution

Upgrade to Wireshark 1.12.2, 1.10.11 or later.

==========================
==========================
=======
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================
==========================
========
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================
==========================
========