new file mode 100644
@@ -0,0 +1,68 @@
+From 8c186dbb381cf51064fa8dbff7953468d5ae394c Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sat, 26 Apr 2025 10:01:19 +0000
+Subject: [PATCH] column: Do not allow fence to go beyond column size when
+ prepending
+
+When moving the fence location forward when prepending, ensure
+that it does not go past the end of the buffer.
+
+Also get rid of unnecessary branching and strlen calls.
+
+Fix #20509
+
+(cherry picked from commit 53213086304caa3dfbdd7dc39c2668a3aea1a5c0)
+
+Co-authored-by: John Thacker <johnthacker@gmail.com>
+
+origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/18076/diffs?commit_id=8c186dbb381cf51064fa8dbff7953468d5ae394c
+
+CVE: CVE-2025-5601
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/8c186dbb381cf51064fa8dbff7953468d5ae394c]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/column-utils.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/epan/column-utils.c b/epan/column-utils.c
+index ad34cff..15e15fc 100644
+--- a/epan/column-utils.c
++++ b/epan/column-utils.c
+@@ -577,8 +577,13 @@ col_prepend_fstr(column_info *cinfo, const gint el, const gchar *format, ...)
+ /*
+ * Move the fence, unless it's at the beginning of the string.
+ */
+- if (col_item->col_fence > 0)
++ if (col_item->col_fence > 0) {
++ /* pos >= strlen if truncation occurred; this saves on a strlen
++ * call and prevents adding a single byte character later if a
++ * a multibyte character was truncated (good). */
+ col_item->col_fence += (int) strlen(col_item->col_buf);
++ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence);
++ }
+
+ g_strlcat(col_item->col_buf, orig, max_len);
+ col_item->col_data = col_item->col_buf;
+@@ -621,11 +626,14 @@ col_prepend_fence_fstr(column_info *cinfo, const gint el, const gchar *format, .
+ * Move the fence if it exists, else create a new fence at the
+ * end of the prepended data.
+ */
+- if (col_item->col_fence > 0) {
+- col_item->col_fence += (int) strlen(col_item->col_buf);
+- } else {
+- col_item->col_fence = (int) strlen(col_item->col_buf);
+- }
++ /* pos >= strlen if truncation occurred; this saves on a strlen
++ * call and prevents adding a single byte character later if a
++ * a multibyte character was truncated (good). */
++ col_item->col_fence += (int) strlen(col_item->col_buf);
++ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence);
++ /*
++ * Append the original data.
++ */
+ g_strlcat(col_item->col_buf, orig, max_len);
+ col_item->col_data = col_item->col_buf;
+ }
+--
+2.50.1
+
@@ -35,6 +35,7 @@ SRC_URI += " \
file://CVE-2024-8645.patch \
file://CVE-2026-0960.patch \
file://CVE-2025-13945.patch \
+ file://CVE-2025-5601.patch \
"
UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
Pick patch from [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-5601 [2] https://gitlab.com/wireshark/wireshark/-/issues/20509 More details : https://nvd.nist.gov/vuln/detail/CVE-2025-5601 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> --- .../wireshark/files/CVE-2025-5601.patch | 68 +++++++++++++++++++ .../wireshark/wireshark_3.4.16.bb | 1 + 2 files changed, 69 insertions(+) create mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch