diff --git a/CVE-2024-4854.patch b/CVE-2024-4854.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b0a905acdad67aa53ed7dc47bf5cd35e96b42389
--- /dev/null
+++ b/CVE-2024-4854.patch
@@ -0,0 +1,38 @@
+From 9da8ab2b0614b25c9210ac4c524b836e730fefa0 Mon Sep 17 00:00:00 2001
+From: John Thacker
+Date: Tue, 14 May 2024 09:47:00 +0800
+Subject: [PATCH] Mongo: Ensure the offset advances
+
+---
+ epan/dissectors/packet-mongo.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-mongo.c b/epan/dissectors/packet-mongo.c
+index 82f45e0..86bf3d0 100644
+--- a/epan/dissectors/packet-mongo.c
++++ b/epan/dissectors/packet-mongo.c
+@@ -797,7 +797,10 @@ dissect_op_msg_section(tvbuff_t *tvb, packet_info *pinfo, guint offset, proto_tr
+
+ switch (e_type) {
+ case KIND_BODY:
+- dissect_bson_document(tvb, pinfo, offset, section_tree, hf_mongo_msg_sections_section_body);
++ section_len = dissect_bson_document(tvb, pinfo, offset, section_tree, hf_mongo_msg_sections_section_body);
++ /* If section_len is bogus (e.g., negative), dissect_bson_document sets
++ * an expert info and can return a different value than read above.
++ */
+ break;
+ case KIND_DOCUMENT_SEQUENCE: {
+ gint32 dsi_length;
+@@ -806,6 +809,9 @@ dissect_op_msg_section(tvbuff_t *tvb, packet_info *pinfo, guint offset, proto_tr
+ proto_tree *documents_tree;
+
+ proto_tree_add_item(section_tree, hf_mongo_msg_sections_section_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
++ /* This is redundant with the lengths in the documents, we don't use this
++ * size at all. We could still report an expert info if it's bogus.
++ */
+ offset += 4;
+ to_read -= 4;
+
+--
+2.27.0
+
diff --git a/wireshark.spec b/wireshark.spec
index 09c5c41e52fe7753c9c0d3bb15a7293e3c4f6711..cbd3ae9eec69654b669eecd55a6a8edc526e6a64 100644
--- a/wireshark.spec
+++ b/wireshark.spec
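Review bot: In the `KIND_BODY` case the fix relies on `dissect_bson_document` returning a value that moves the offset forward, but the visible lines neither state nor check that the value assigned to `section_len` is positive. The added comment only says the callee "can return a different value than read above". The callee's body and the end of `dissect_op_msg_section` are outside the hunk, so this cannot be confirmed from here. I would record the invariant next to the assignment, e.g. `/* Forward progress depends on dissect_bson_document returning > 0 for malformed lengths. */`, and confirm it against the callee in the 3.6.14 tree this backport targets. Separately, the `KIND_DOCUMENT_SEQUENCE` change is comment-only: the declared section size is still displayed without validation, and the expert info that comment mentions would give analysts a visible marker for a malformed size.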
@@ -5,7 +5,7 @@ Summary: Network traffic analyzer Name: wireshark Version: 3.6.14 -Release: 8 +Release: 9 Epoch: 1 License: GPL+ Url: http://www.wireshark.org/ @@ -35,6 +35,7 @@ Patch17: CVE-2024-0208.patch Patch18: CVE-2024-0209.patch # https://gitlab.com/wireshark/wireshark/-/commit/28fdce547c417b868c521f87fb58f71ca6b1e3f7 Patch19: CVE-2023-0666.patch +Patch20: CVE-2024-4854.patch Requires: xdg-utils Requires: hicolor-icon-theme @@ -209,6 +210,9 @@ exit 0 %{_mandir}/man?/* %changelog +* Tue 14 May 2024 baiguo - 1:3.6.14-9 +- Fix CVE-2024-4854 + * Mon Mar 25 2024 yaoxin - 1:3.6.14-8 - Fix CVE-2023-0666
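Review bot: `Patch20: CVE-2024-4854.patch` is added without the upstream commit reference that the preceding entry carries (the `# https://gitlab.com/wireshark/wireshark/-/commit/...` comment above `Patch19`), so the backport cannot be checked against its origin from the spec alone. Add a comment line directly above `Patch20`, e.g. `# <upstream commit URL for the Mongo offset fix>`. The patch header's hash and date may have been generated locally, since the `Date:` is the same day as the new changelog entry and uses `+0800`; if so they do not identify the upstream commit, which makes the URL the only durable provenance link.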