Wireshark Multiple Vulnerabilities

Last Update Date: 12 Sep 2011 10:22

Release Date: 12 Sep 2011

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities have been identified in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

  1. An error within the processing of certain IKE packets can be exploited to cause an infinite loop, leading to, for example, high resource consumption and crashes.
  2. An unspecified error related to Lua scripts can be exploited to execute arbitrary Lua scripts via vectors similar to "DLL hijacking".
  3. An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Wireshark 1.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 1.6.2
