diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-9817.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-9817.patch new file mode 100644 index 0000000000..034c51778e --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-9817.patch @@ -0,0 +1,32 @@ +From 39daba5e247ea495f88b0be82f0b7ebbdbf50fba Mon Sep 17 00:00:00 2001 +From: John Thacker +Date: Sat, 26 Jul 2025 07:10:28 -0400 +Subject: [PATCH] ssh: Add a null check + +Fix #20642 + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39daba5e247ea495f88b0be82f0b7ebbdbf50fba] +CVE: CVE-2025-9817 +Signed-off-by: Vijay Anusuri +--- + epan/dissectors/packet-ssh.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c +index 4f2b0ff..9b3b904 100644 +--- a/epan/dissectors/packet-ssh.c ++++ b/epan/dissectors/packet-ssh.c +@@ -2359,6 +2359,10 @@ ssh_kex_shared_secret(gint kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bign + } + + if(kex_type==SSH_KEX_DH_GEX){ ++ if (modulo == NULL) { ++ ws_debug("Missing group modulo"); ++ return NULL; ++ } + gcry_mpi_t b = NULL; + gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL); + gcry_mpi_t d = NULL, e = NULL, m = NULL; +-- +2.43.0 + diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb index 6246a1d9fa..bd014055a9 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb @@ -13,6 +13,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz file://0002-flex-Remove-line-directives.patch \ file://0004-lemon-Remove-line-directives.patch \ file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \ + file://CVE-2025-9817.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"