Wireshark Multiple Vulnerabilities

Last Update Date: 12 Sep 2011 10:22 Release Date: 12 Sep 2011 5972 Views

RISK: High Risk

High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities have been identified in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

  1. An error within the processing of certain IKE packets can be exploited to cause an infinite loop leading to e.g. a high resource consumption and crashes.
  2. An unspecified error related to Lua scripts can be exploited to execute arbitrary Lua scripts via vectors similar to "DLL hijacking".
  3. An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Wireshark 1.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 1.6.2

Vulnerability Identifier

Source

Related Link

Share with

Previous

WordPress DukaPress Shopping Cart Plugin Vulnerability

7 Sep 2011 6059 Views

Next

Microsoft WINS Local Elevation of Privilege Vulnerability

14 Sep 2011 5762 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY