diff mbox series

[meta-networking,scarthgap] wireshark: fix CVE-2025-13499

Message ID 20251205131055.914442-1-hprajapati@mvista.com
State New
Headers show
Series [meta-networking,scarthgap] wireshark: fix CVE-2025-13499 | expand

Commit Message

Hitendra Prajapati Dec. 5, 2025, 1:10 p.m. UTC 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 .../wireshark/files/CVE-2025-13499.patch      | 45 +++++++++++++++++++
 .../wireshark/wireshark_4.2.12.bb             |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch
new file mode 100644
index 0000000000..b713cea8c4
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch
@@ -0,0 +1,45 @@ 
+From e180152d3dae668249f78c72a55a4ba436b57af7 Mon Sep 17 00:00:00 2001
+From: Darius Davis <darius-wireshark@free-range.com.au>
+Date: Sat, 25 Oct 2025 15:01:34 +1000
+Subject: [PATCH] Kafka: Fix decompress_snappy with no xerial chunks.
+
+Instead of returning true without setting outputs, report a failure to
+decompress and return false to the caller.
+
+Fix #20823
+
+(cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e)
+
+CVE-2025-13499
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-kafka.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c
+index 482a670..e537013 100644
+--- a/epan/dissectors/packet-kafka.c
++++ b/epan/dissectors/packet-kafka.c
+@@ -1788,6 +1788,7 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length,
+             count++;
+             DISSECTOR_ASSERT_HINT(count < MAX_LOOP_ITERATIONS, "MAX_LOOP_ITERATIONS exceeded");
+         }
++        ret = composite_tvb != NULL;
+ 
+     } else {
+ 
+@@ -1810,9 +1811,8 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length,
+ 
+         *decompressed_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, (guint)out_size, (gint)out_size);
+         *decompressed_offset = 0;
+-
++	ret = TRUE;
+     }
+-    ret = TRUE;
+ end:
+     if (composite_tvb) {
+         tvb_composite_finalize(composite_tvb);
+-- 
+2.50.1
+
diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb
index ab6160b767..ed488a3555 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.12.bb
@@ -13,6 +13,7 @@  SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
            file://0002-flex-Remove-line-directives.patch \
            file://0004-lemon-Remove-line-directives.patch \
            file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \
+           file://CVE-2025-13499.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"