CVE-2022-3725

CVE-2022-3725.patch

@@ -0,0 +1,32 @@
+From 5db46d3a7c0f6481361a4a007de125ab92bfb674 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Mon, 26 Sep 2022 19:55:59 -0400
+Subject: [PATCH] opus: Don't overflow a signed 16-bit integer
+
+The internal sample rate of 48KHz overflows a signed 16-bit
+integer, and causes incorrect calculations. Use an unsigned integer.
+
+Fix #18378
+
+
+(cherry picked from commit 749a8d091200b43175268689996471b59fa34266)
+---
+ epan/dissectors/packet-opus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-opus.c b/epan/dissectors/packet-opus.c
+index 9451fed0a1..54a83a007e 100644
+--- a/epan/dissectors/packet-opus.c
++++ b/epan/dissectors/packet-opus.c
+@@ -128,7 +128,7 @@ parse_size_field(const unsigned char *ch, int32_t cn, int16_t *size)
+ }
+ 
+ static int16_t
+-opus_packet_get_samples_per_frame(const unsigned char *data, int16_t Fs)
++opus_packet_get_samples_per_frame(const unsigned char *data, uint16_t Fs)
+ {
+     int audiosize;
+     if (data[0] & 0x80) {
+-- 
+GitLab
+

wireshark.spec

@@ -5,7 +5,7 @@
 Summary:	Network traffic analyzer
 Name:		wireshark
 Version:	3.6.3
-Release:	2
+Release:	3
 Epoch:		1
 License:	GPL+
 Url:		http://www.wireshark.org/
@@ -22,6 +22,7 @@ Patch5:		wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
 Patch6:		wireshark-0006-Move-tmp-to-var-tmp.patch
 Patch7:		wireshark-0007-cmakelists.patch
 Patch8:		CVE-2022-3190.patch
+Patch9:		CVE-2022-3725.patch
 
 Requires:	xdg-utils
 Requires:	hicolor-icon-theme
@@ -196,6 +197,9 @@ exit 0
 %{_mandir}/man?/*
 
 %changelog
+* Wed Nov 09 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 1:3.6.3-3
+- fix CVE-2022-3725
+
 * Tue Sep 27 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 1:3.6.3-2
 - fix CVE-2022-3190