diff --git a/CVE-2025-13499.patch b/CVE-2025-13499.patch
new file mode 100644
index 0000000000000000000000000000000000000000..be1febf3616ccd1078f4366fcb9abd847a09aeb3
--- /dev/null
+++ b/CVE-2025-13499.patch
@@ -0,0 +1,43 @@
+From e180152d3dae668249f78c72a55a4ba436b57af7 Mon Sep 17 00:00:00 2001
+From: Darius Davis
+Date: Sat, 25 Oct 2025 15:01:34 +1000
+Subject: [PATCH] Kafka: Fix decompress_snappy with no xerial chunks.
+
+Instead of returning true without setting outputs, report a failure to
+decompress and return false to the caller.
+
+Fix #20823
+
+(cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e)
+
+Origin: https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7
+---
+ epan/dissectors/packet-kafka.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c
+index 2b6b179fb28..bc23feae654 100644
+--- a/epan/dissectors/packet-kafka.c
++++ b/epan/dissectors/packet-kafka.c
+@@ -1909,6 +1909,7 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, uint32_t length
+ count++;
+ DISSECTOR_ASSERT_HINT(count < MAX_LOOP_ITERATIONS, "MAX_LOOP_ITERATIONS exceeded");
+ }
++ ret = composite_tvb != NULL;
+
+ } else {
+
+@@ -1918,9 +1919,9 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, uint32_t length
+ goto end;
+ }
+ *decompressed_offset = 0;
++ ret = true;
+
+ }
+- ret = true;
+ end:
+ if (composite_tvb) {
+ tvb_composite_finalize(composite_tvb);
+--
+GitLab
+
diff --git a/wireshark.spec b/wireshark.spec
index 4e8c21228b33d038a9f73398c996b7261c56e1fc..aa393a54f16db05382d05e1d7dabff66c03c9f7c 100644
--- a/wireshark.spec
+++ b/wireshark.spec
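Review bot: The new `ret = composite_tvb != NULL;` after the xerial loop in decompress_snappy has no comment, yet it is the entire fix: a loop that finishes without appending a chunk must count as a failure because the outputs were never set. I would put `/* No chunk decoded: outputs are unset, so report failure to the caller. */` above it, so a later cleanup does not fold it back into an unconditional `ret = true`. Separately, the `end:` path still runs `tvb_composite_finalize(composite_tvb)` whenever a composite exists, so an early `goto end` inside the loop (not visible here) would presumably return false with a partly built buffer; it is worth confirming that callers ignore the outputs whenever the function returns false. The function body starts and ends outside both hunks of the embedded patch.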
@@ -3,7 +3,7 @@ Summary: Network traffic analyzer Name: wireshark Version: 4.4.10 -Release: 1 +Release: 2 Epoch: 1 License: BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib) Url: https://www.wireshark.org/ @@ -19,6 +19,7 @@ Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch Patch7: wireshark-0007-cmakelists.patch Patch8: wireshark-0008-pkgconfig.patch +Patch9: CVE-2025-13499.patch Requires: xdg-utils Requires: hicolor-icon-theme @@ -199,6 +200,9 @@ fi %{_mandir}/man?/* %changelog +* Mon Nov 24 2025 yaoxin <1024769339@qq.com> - 1:4.4.10-2 +- Fix CVE-2025-13499 + * Sat Oct 11 2025 yaoxin <1024769339@qq.com> - 1:4.4.10-1 - Update to 4.4.10 for fix CVE-2025-11626