Wireshark Multiple Vulnerabilities
Last Update Date:
12 Sep 2011 10:22
Release Date:
12 Sep 2011
6160
Views
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
- An error within the processing of certain IKE packets can be exploited to cause an infinite loop leading to e.g. a high resource consumption and crashes.
- An unspecified error related to Lua scripts can be exploited to execute arbitrary Lua scripts via vectors similar to "DLL hijacking".
- An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Wireshark 1.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 1.6.2
Vulnerability Identifier
Source
Related Link
Share with