wireshark: fix CVE-2025-13499

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2025-12-11 11:35:11 +0530
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-16 08:41:05 +0100
commit: ea388c67e4d2a86fc2712b899c3a8a5bd703286a (patch)
tree: 8c62dba2cd57ea5ed18baaf238a65b51166c9d9c
parent: b1e0fadb72fd8b5d2ce3161becbe0062057cf5f4 (diff)
download: meta-openembedded-ea388c67e4d2a86fc2712b899c3a8a5bd703286a.tar.gz
2 files changed, 42 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch
new file mode 100644
index 0000000000..cfae581608
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch
@@ -0,0 +1,41 @@
+From e180152d3dae668249f78c72a55a4ba436b57af7 Mon Sep 17 00:00:00 2001
+From: Darius Davis <darius-wireshark@free-range.com.au>
+Date: Sat, 25 Oct 2025 15:01:34 +1000
+Subject: [PATCH] Kafka: Fix decompress_snappy with no xerial chunks.
+Instead of returning true without setting outputs, report a failure to
+decompress and return false to the caller.
+Fix #20823
+(cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e)
+CVE: CVE-2025-13499
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-kafka.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c
+index 5fe32f7..7b5ac03 100644
+--- a/epan/dissectors/packet-kafka.c
+++ b/epan/dissectors/packet-kafka.c
+@@ -1788,12 +1788,12 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length,
+         if (rc != SNAPPY_OK) {
+             goto end;
+         }
+        ret = composite_tvb != NULL;
+ 
+         *decompressed_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, (guint)uncompressed_size, (gint)uncompressed_size);
+         *decompressed_offset = 0;
+-
+       ret = TRUE;
+     }
+-    ret = TRUE;
+ end:
+     if (composite_tvb) {
+         tvb_composite_finalize(composite_tvb);
+-- 
+2.50.1
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
index 0a523013ca..0cc0dfa3d7 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -31,6 +31,7 @@ SRC_URI += " \
    file://CVE-2023-4511.patch \
    file://CVE-2023-6175.patch \
    file://CVE-2024-2955.patch \
+    file://CVE-2025-13499.patch \
 "
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
author	Hitendra Prajapati <hprajapati@mvista.com>	2025-12-11 11:35:11 +0530
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-16 08:41:05 +0100
commit	ea388c67e4d2a86fc2712b899c3a8a5bd703286a (patch)
tree	8c62dba2cd57ea5ed18baaf238a65b51166c9d9c
parent	b1e0fadb72fd8b5d2ce3161becbe0062057cf5f4 (diff)
download	meta-openembedded-ea388c67e4d2a86fc2712b899c3a8a5bd703286a.tar.gz

diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch new file mode 100644 index 0000000000..cfae581608 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch
@@ -0,0 +1,41 @@
		1	From e180152d3dae668249f78c72a55a4ba436b57af7 Mon Sep 17 00:00:00 2001
		2	From: Darius Davis <darius-wireshark@free-range.com.au>
		3	Date: Sat, 25 Oct 2025 15:01:34 +1000
		4	Subject: [PATCH] Kafka: Fix decompress_snappy with no xerial chunks.
		5
		6	Instead of returning true without setting outputs, report a failure to
		7	decompress and return false to the caller.
		8
		9	Fix #20823
		10
		11	(cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e)
		12
		13	CVE: CVE-2025-13499
		14	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7]
		15	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		16	---
		17	epan/dissectors/packet-kafka.c \| 4 ++--
		18	1 file changed, 2 insertions(+), 2 deletions(-)
		19
		20	diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c
		21	index 5fe32f7..7b5ac03 100644
		22	--- a/epan/dissectors/packet-kafka.c
		23	+++ b/epan/dissectors/packet-kafka.c
		24	@@ -1788,12 +1788,12 @@ decompress_snappy(tvbuff_t tvb, packet_info pinfo, int offset, guint32 length,
		25	if (rc != SNAPPY_OK) {
		26	goto end;
		27	}
		28	+ ret = composite_tvb != NULL;
		29
		30	*decompressed_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, (guint)uncompressed_size, (gint)uncompressed_size);
		31	*decompressed_offset = 0;
		32	-
		33	+ ret = TRUE;
		34	}
		35	- ret = TRUE;
		36	end:
		37	if (composite_tvb) {
		38	tvb_composite_finalize(composite_tvb);
		39	--
		40	2.50.1
		41


diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index 0a523013ca..0cc0dfa3d7 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb
@@ -31,6 +31,7 @@ SRC_URI += " \
31	file://CVE-2023-4511.patch \	31	file://CVE-2023-4511.patch \
32	file://CVE-2023-6175.patch \	32	file://CVE-2023-6175.patch \
33	file://CVE-2024-2955.patch \	33	file://CVE-2024-2955.patch \
		34	file://CVE-2025-13499.patch \
34	"	35	"
35		36
36	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"	37	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"