| Message ID | 20251205131055.914442-1-hprajapati@mvista.com |
|---|---|
| State | Superseded, archived |
| Delegated to: | Anuj Mittal |
| Headers | show |
| Series | [meta-networking,scarthgap] wireshark: fix CVE-2025-13499 | expand |
On Fri, Dec 5, 2025 at 9:11 PM Hitendra Prajapati via lists.openembedded.org <hprajapati=mvista.com@lists.openembedded.org> wrote: > > Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7 > > Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> > --- > .../wireshark/files/CVE-2025-13499.patch | 45 +++++++++++++++++++ > .../wireshark/wireshark_4.2.12.bb | 1 + > 2 files changed, 46 insertions(+) > create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch > > diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch > new file mode 100644 > index 0000000000..b713cea8c4 > --- /dev/null > +++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch > @@ -0,0 +1,45 @@ > +From e180152d3dae668249f78c72a55a4ba436b57af7 Mon Sep 17 00:00:00 2001 > +From: Darius Davis <darius-wireshark@free-range.com.au> > +Date: Sat, 25 Oct 2025 15:01:34 +1000 > +Subject: [PATCH] Kafka: Fix decompress_snappy with no xerial chunks. > + > +Instead of returning true without setting outputs, report a failure to > +decompress and return false to the caller. > + > +Fix #20823 > + > +(cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e) > + > +CVE-2025-13499 > +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7] > +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> > +--- > + epan/dissectors/packet-kafka.c | 4 ++-- > + 1 file changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c > +index 482a670..e537013 100644 > +--- a/epan/dissectors/packet-kafka.c > ++++ b/epan/dissectors/packet-kafka.c > +@@ -1788,6 +1788,7 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, > + count++; > + DISSECTOR_ASSERT_HINT(count < MAX_LOOP_ITERATIONS, "MAX_LOOP_ITERATIONS exceeded"); > + } > ++ ret = composite_tvb != NULL; > + > + } else { > + > +@@ -1810,9 +1811,8 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, > + > + *decompressed_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, (guint)out_size, (gint)out_size); > + *decompressed_offset = 0; > +- > ++ ret = TRUE; > + } > +- ret = TRUE; > + end: > + if (composite_tvb) { > + tvb_composite_finalize(composite_tvb); > +-- > +2.50.1 > + > diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb > index ab6160b767..ed488a3555 100644 > --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb > +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb scarthgap currently has 4.2.14 so this does not apply. If the CVE is still applicable, please rebase and test and send again. Thanks, Anuj
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch new file mode 100644 index 0000000000..b713cea8c4 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch @@ -0,0 +1,45 @@ +From e180152d3dae668249f78c72a55a4ba436b57af7 Mon Sep 17 00:00:00 2001 +From: Darius Davis <darius-wireshark@free-range.com.au> +Date: Sat, 25 Oct 2025 15:01:34 +1000 +Subject: [PATCH] Kafka: Fix decompress_snappy with no xerial chunks. + +Instead of returning true without setting outputs, report a failure to +decompress and return false to the caller. + +Fix #20823 + +(cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e) + +CVE-2025-13499 +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7] +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + epan/dissectors/packet-kafka.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c +index 482a670..e537013 100644 +--- a/epan/dissectors/packet-kafka.c ++++ b/epan/dissectors/packet-kafka.c +@@ -1788,6 +1788,7 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, + count++; + DISSECTOR_ASSERT_HINT(count < MAX_LOOP_ITERATIONS, "MAX_LOOP_ITERATIONS exceeded"); + } ++ ret = composite_tvb != NULL; + + } else { + +@@ -1810,9 +1811,8 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, + + *decompressed_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, (guint)out_size, (gint)out_size); + *decompressed_offset = 0; +- ++ ret = TRUE; + } +- ret = TRUE; + end: + if (composite_tvb) { + tvb_composite_finalize(composite_tvb); +-- +2.50.1 + diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb index ab6160b767..ed488a3555 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb @@ -13,6 +13,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz file://0002-flex-Remove-line-directives.patch \ file://0004-lemon-Remove-line-directives.patch \ file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \ + file://CVE-2025-13499.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> --- .../wireshark/files/CVE-2025-13499.patch | 45 +++++++++++++++++++ .../wireshark/wireshark_4.2.12.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch