mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

wireshark: fix for CVE-2025-13946

Browse Source 
Pick patch from [1] also mentioned at NVD report in [2]

[1] https://gitlab.com/wireshark/wireshark/-/issues/20884
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-13946
[3] https://security-tracker.debian.org/tracker/CVE-2025-13946

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Hitendra Prajapati
2026-05-05 17:54:31 +05:30
committed by Anuj Mittal
parent ae7dfb1224
commit fb4ebd1200
2 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-support/wireshark/files/CVE-2025-13946.patch
+51
View File
@@ -0,0 +1,51 @@
From aba1fbe6266beb6bf9b887b6eab008e4f4841c9b Mon Sep 17 00:00:00 2001
From: AndersBroman <a.broman58@gmail.com>
Date: Mon, 1 Dec 2025 08:41:55 +0100
Subject: MEGACO: Handle tvb_get_uint8 returning -1
When dissecting a media descriptor, handle tvb_get_uint8 returning
-1 when searching for a left or right bracket and not finding it
by setting the bracket offset to the end offset so that the loop
will exit. Leaving it at -1 can cause going backwards and at worst
infinite loops.
Fix #20884
(cherry picked from commit aba1fbe6266beb6bf9b887b6eab008e4f4841c9b)
Co-authored-by: John Thacker <johnthacker@gmail.com>
origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/22553
CVE: CVE-2025-13946
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/aba1fbe6266beb6bf9b887b6eab008e4f4841c9b]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
epan/dissectors/packet-megaco.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/epan/dissectors/packet-megaco.c b/epan/dissectors/packet-megaco.c
index 327b849..abf2078 100644
--- a/epan/dissectors/packet-megaco.c
+++ b/epan/dissectors/packet-megaco.c
@@ -1775,8 +1775,15 @@ dissect_megaco_mediadescriptor(tvbuff_t *tvb, proto_tree *megaco_tree_command_li
mediaParm = find_megaco_mediaParm_names(tvb, tvb_current_offset, tokenlen);
tvb_LBRKT = tvb_find_guint8(tvb, tvb_next_offset , tvb_last_RBRKT, '{');
- tvb_next_offset = tvb_find_guint8(tvb, tvb_current_offset+1 , tvb_last_RBRKT, '}');
- tvb_RBRKT = tvb_next_offset;
+ if (tvb_LBRKT == -1) {
+ // Not found, use the end offset.
+ tvb_LBRKT = tvb_last_RBRKT;
+ }
+ tvb_RBRKT = tvb_find_guint8(tvb, tvb_current_offset+1 , tvb_last_RBRKT, '}');
+ if (tvb_RBRKT == -1) {
+ // Not found, use the end offset.
+ tvb_RBRKT = tvb_last_RBRKT;
+ }
switch ( mediaParm ){
case MEGACO_LOCAL_TOKEN:
--
2.50.1
meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
+1
View File
@@ -19,6 +19,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
file://CVE-2026-0962.patch \
file://CVE-2026-3201.patch \
file://CVE-2026-0960.patch \
file://CVE-2025-13946.patch \
"
UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"