CVE-2011-0713 Wireshark: heap-based buffer overflow when reading malformed Nokia DCT3 phone signalling traces

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 affects ubuntu/wireshark
 status inprogress
 assignee udienz
 importance medium
 security yes
 private yes
 done

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0713 to
the following vulnerability:

Name: CVE-2011-0713
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0713
Assigned: 20110302
Reference:
    * MLIST:[oss-security] 20110216 wireshark dct3trace buffer overflow
    * URL:http://openwall.com/lists/oss-security/2011/02/16/13
    * CONFIRM:http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
    * CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html
    * CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html
    * CONFIRM:http://www.wireshark.org/security/wnpa-sec-2011-03.html
    * CONFIRM:http://www.wireshark.org/security/wnpa-sec-2011-04.html
    * CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=678198
    * BID:46416
    * URL:http://www.securityfocus.com/bid/46416
    * XF:wireshark-visualc-bo(65460)
    * URL:http://xforce.iss.net/xforce/xfdb/65460

Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0
through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause
a denial of service (application crash) or possibly have unspecified
other impact via a long record in a Nokia DCT3 trace file.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iF4EAREIAAYFAk10WEEACgkQdr7GbwjmqKVoWQD/fnHAl/6C4dKTBeowhiJM2d6J
NuCbNMMMUSXM04W0CFQA/Rxvryg91YegsiOZMAI+8JZYWXbnDWJUTOjJ6VxNUtKk
=+31r
-----END PGP SIGNATURE-----