Skip to main content

Wireshark Denial of Service Vulnerability

Last Update Date: 29 Mar 2012 14:49 Release Date: 29 Mar 2012 5280 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities have been identified in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

  1. A NULL pointer dereference error in the ANSI A dissector can be exploited to cause a crash via a specially crafted packet.
  2. An error in the IEEE 802.11 dissector can be exploited to cause an infinite loop via a specially crafted packet.
  3. An error in the MP2T dissector when allocating memory can be exploited to cause a crash via a specially crafted packet.
    NOTE: A weakness exists in the pcap and pcap-ng file parsers when reading ERF data and can cause a crash via a specially crafted trace file.

Impact

  • Denial of Service

System / Technologies affected

  • Wireshark 1.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
  • Update to version 1.4.12 or 1.6.6.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link