Name: ASN.1 zero-length g_malloc
Docid: enpa-sa-00003
Date: March 23, 2002
Versions affected: 0.9.2 and prior
Severity: High
Description:
It is possible that invalid data passed to a routine Ethereal's ASN.1 parser could cause it to allocate memory incorrectly, causing a crash. The SNMP, LDAP, COPS and Kerberos dissectors all use this routine.
Ethereal versions 0.9.2 and prior are subject to this bug. In order to determine which version of Ethereal you have installed, do one of the following:
ethereal -vor
tethereal -v(the "v" is lowercase").
Impact:
It may be possible to make Ethereal crash by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.
Resolution:
Upgrade to 0.9.3 when it is released.