Found another CVE hanging:
CVE-2007-4721:
Integer signedness error in the DNP3 dissector in
Wireshark 0.99.5 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a certain DNP3 packet.
The fix is quite easy, reading the explanation on http://archives.neohapsis.com/archives/bugtraq/2007-09/0030.html:
- guint16 al_obj, temp16=0, al_val16=0, al_ctlobj_stat;
- guint32 al_val32, num_items=0, al_ptaddr=0, al_ctlobj_on, al_ctlobj_off;
+ guint16 al_obj, al_val16=0, al_ctlobj_stat;
+ guint32 al_val32, num_items=0, al_ptaddr=0, al_ctlobj_on, al_ctlobj_off, temp16=0;
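Review bot: temp16 is now declared in the guint32 line but keeps a name that advertises 16 bits, which invites a later cleanup to narrow it again. Rename it (for example temp32) or add a comment on the declaration saying why it has to be 32 bits wide. The hunk shows only the declarations, so it is also worth confirming that no use site stores temp16 into a guint16 such as al_val16 or passes it where a 16-bit value is expected, since the wider type would be silently truncated there.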
Please have a look at temp16... before, it was an unsigned 16-bit int, but it needs to be an unsigned 32-bit int.