Wireshark Multiple Vulnerabilities
Last Update Date: 3 Nov 2011 11:18
Release Date: 3 Nov 2011
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
- An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash.
  Note: This vulnerability only affects versions 1.6.0 to 1.6.2.
- A NULL pointer dereference error within the Infiniband dissector can be exploited to cause a crash.
- An error within the ERF file parser can be exploited to cause a heap-based buffer overflow.
  Successful exploitation of this vulnerability may allow execution of arbitrary code.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Wireshark 1.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to version 1.6.3 or 1.4.10.
Vulnerability Identifier
Source
Related Link