summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHitendra Prajapati <hprajapati@mvista.com>2026-05-05 17:54:31 +0530
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-05-21 08:57:37 +0530
commitfb4ebd12001257d4ba0d88173c6bc5887e974f9b (patch)
treef33949e7de528f05f653f2ca839e9e104bdde5a5
parentae7dfb12245c7f9b9a353499e2688015bd4e6413 (diff)
downloadmeta-openembedded-fb4ebd12001257d4ba0d88173c6bc5887e974f9b.tar.gz
wireshark: fix for CVE-2025-13946
Pick patch from [1] also mentioned at NVD report in [2] [1] https://gitlab.com/wireshark/wireshark/-/issues/20884 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-13946 [3] https://security-tracker.debian.org/tracker/CVE-2025-13946 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
-rw-r--r--meta-networking/recipes-support/wireshark/files/CVE-2025-13946.patch51
-rw-r--r--meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb1
2 files changed, 52 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-13946.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-13946.patch
new file mode 100644
index 0000000000..40f5d316ad
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-13946.patch
@@ -0,0 +1,51 @@
1From aba1fbe6266beb6bf9b887b6eab008e4f4841c9b Mon Sep 17 00:00:00 2001
2From: AndersBroman <a.broman58@gmail.com>
3Date: Mon, 1 Dec 2025 08:41:55 +0100
4Subject: MEGACO: Handle tvb_get_uint8 returning -1
5
6When dissecting a media descriptor, handle tvb_get_uint8 returning
7-1 when searching for a left or right bracket and not finding it
8by setting the bracket offset to the end offset so that the loop
9will exit. Leaving it at -1 can cause going backwards and at worst
10infinite loops.
11
12Fix #20884
13
14(cherry picked from commit aba1fbe6266beb6bf9b887b6eab008e4f4841c9b)
15
16Co-authored-by: John Thacker <johnthacker@gmail.com>
17origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/22553
18
19
20CVE: CVE-2025-13946
21Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/aba1fbe6266beb6bf9b887b6eab008e4f4841c9b]
22Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
23---
24 epan/dissectors/packet-megaco.c | 11 +++++++++--
25 1 file changed, 9 insertions(+), 2 deletions(-)
26
27diff --git a/epan/dissectors/packet-megaco.c b/epan/dissectors/packet-megaco.c
28index 327b849..abf2078 100644
29--- a/epan/dissectors/packet-megaco.c
30+++ b/epan/dissectors/packet-megaco.c
31@@ -1775,8 +1775,15 @@ dissect_megaco_mediadescriptor(tvbuff_t *tvb, proto_tree *megaco_tree_command_li
32 mediaParm = find_megaco_mediaParm_names(tvb, tvb_current_offset, tokenlen);
33
34 tvb_LBRKT = tvb_find_guint8(tvb, tvb_next_offset , tvb_last_RBRKT, '{');
35- tvb_next_offset = tvb_find_guint8(tvb, tvb_current_offset+1 , tvb_last_RBRKT, '}');
36- tvb_RBRKT = tvb_next_offset;
37+ if (tvb_LBRKT == -1) {
38+ // Not found, use the end offset.
39+ tvb_LBRKT = tvb_last_RBRKT;
40+ }
41+ tvb_RBRKT = tvb_find_guint8(tvb, tvb_current_offset+1 , tvb_last_RBRKT, '}');
42+ if (tvb_RBRKT == -1) {
43+ // Not found, use the end offset.
44+ tvb_RBRKT = tvb_last_RBRKT;
45+ }
46
47 switch ( mediaParm ){
48 case MEGACO_LOCAL_TOKEN:
49--
502.50.1
51
diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
index 559dd75fe0..1185804282 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
19 file://CVE-2026-0962.patch \ 19 file://CVE-2026-0962.patch \
20 file://CVE-2026-3201.patch \ 20 file://CVE-2026-3201.patch \
21 file://CVE-2026-0960.patch \ 21 file://CVE-2026-0960.patch \
22 file://CVE-2025-13946.patch \
22 " 23 "
23 24
24UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions" 25UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"