wireshark: Fix CVE-2026-3201

Pick patch from [1] also mentioned in [2] [1] https://gitlab.com/wireshark/wireshark/-/issues/20972 [2] https://security-tracker.debian.org/tracker/CVE-2026-3201 More details : https://nvd.nist.gov/vuln/detail/CVE-2026-3201 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-02 02:49:12 +00:00 · 2026-03-10 14:35:24 +05:30 · 2026-03-10 14:35:24 +05:30 · e7a359838c
commit e7a359838c
parent b48d119e50
2 changed files with 56 additions and 0 deletions
--- a/meta-networking/recipes-support/wireshark/files/CVE-2026-3201.patch
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2026-3201.patch
@ -0,0 +1,55 @@
+From 5e80615ebc95c3f57235ab2699b03e45d8071a1c Mon Sep 17 00:00:00 2001
+From: Michael Mann <mmann78@netscape.net>
+Date: Mon, 26 Jan 2026 16:44:58 +0000
+Subject: [PATCH] USB-HID: Bugfix resource exhaustion in
+ parse_report_descriptor()
+
+Sanity range check was removed in 739666a7f5acc270204980e01b4069caf5060f30, restore it
+
+AI-Assisted: no
+Fixes #20972
+
+(cherry picked from commit 6f753c79b7c8ac382e6383dfabd7d5be6e2b722c)
+
+CVE: CVE-2026-3201
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/5e80615ebc95c3f57235ab2699b03e45d8071a1c]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-usb-hid.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-usb-hid.c b/epan/dissectors/packet-usb-hid.c
+index 9a402ee..a27606a 100644
+--- a/epan/dissectors/packet-usb-hid.c
+++ b/epan/dissectors/packet-usb-hid.c
+@@ -3675,6 +3675,7 @@ hid_unpack_signed(guint8 *data, unsigned int idx, unsigned int size, gint32 *val
+     return FALSE;
+ }
+ 
+#define MAX_REPORT_DESCRIPTOR_COUNT 100000 // Arbitrary
+ static gboolean
+ parse_report_descriptor(report_descriptor_t *rdesc)
+ {
+@@ -3856,7 +3857,7 @@ parse_report_descriptor(report_descriptor_t *rdesc)
+                         }
+ 
+                         /* Usage min and max must be on the same page */
+-                        if (USAGE_PAGE(usage_min) != USAGE_PAGE(usage_max)) {
+                        if (USAGE_PAGE(usage_min) != USAGE_PAGE(usage_max))  {
+                             goto err;
+                         }
+ 
+@@ -3864,6 +3865,10 @@ parse_report_descriptor(report_descriptor_t *rdesc)
+                             goto err;
+                         }
+ 
+                        if (wmem_array_get_count(field.usages) + usage_max - usage_min >= MAX_REPORT_DESCRIPTOR_COUNT) {
+                            goto err;
+                        }
+
+                         /* min and max are inclusive */
+                         wmem_array_grow(field.usages, usage_max - usage_min + 1);
+                         for (guint32 j = usage_min; j <= usage_max; j++) {
+-- 
+2.50.1
+
--- a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
@ -17,6 +17,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
           file://CVE-2025-13499.patch \
           file://CVE-2026-0959.patch \
           file://CVE-2026-0962.patch \
+           file://CVE-2026-3201.patch \
           "

 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"