Wireshark Multiple Vulnerabilities

Last Update Date: 3 Nov 2011 11:18

Release Date: 3 Nov 2011

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities have been identified in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

  1. An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash.
    Note: This vulnerability only affects versions 1.6.0 to 1.6.2.
  2. A NULL pointer dereference error within the Infiniband dissector can be exploited to cause a crash.
  3. An error within the ERF file parser can be exploited to cause a heap-based buffer overflow.
    Successful exploitation of this vulnerability may allow execution of arbitrary code.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Wireshark 1.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 1.6.3 or 1.4.10.
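
The following added example (not part of the original advisory) maps an installed Wireshark version to the numbered items above, using the two fixed releases and the 1.6.0 to 1.6.2 range stated for item 1. The host names and inventory are constructed, and two assumptions are made: releases later than 1.6.3 keep the fix, and 1.x branches with no fixed release named here are treated as affected.

```python
import re

# Fixed releases named in the advisory.
FIXED_1_4 = (1, 4, 10)
FIXED_1_6 = (1, 6, 3)

def parse_version(text):
    """Return the first x.y.z found in text as a tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())

def applicable_issues(version_text):
    """List the advisory items (1-3) that apply to this Wireshark version."""
    v = parse_version(version_text)
    if v[0] != 1:
        return []                      # advisory covers Wireshark 1.x only
    # Compare as integer tuples: as strings, "1.4.10" sorts before "1.4.9".
    if v[:2] == (1, 4) and v >= FIXED_1_4:
        return []
    if v >= FIXED_1_6:                 # assumption: later releases keep the fix
        return []
    items = [2, 3]                     # Infiniband crash, ERF heap overflow
    if (1, 6, 0) <= v <= (1, 6, 2):
        items.insert(0, 1)             # CSN.1 crash: 1.6.0 to 1.6.2 only
    return items

def audit(inventory):
    """Map each host to the advisory items its installed version is exposed to."""
    return {host: applicable_issues(ver) for host, ver in inventory.items()}

# Constructed inventory for illustration (hypothetical host names).
SAMPLE = {
    "analyst-01": "1.6.2",
    "analyst-02": "1.4.9",
    "analyst-03": "1.4.10",
    "analyst-04": "1.6.3",
    "sensor-01": "wireshark 1.2.15-1",   # constructed package-style string
}

if __name__ == "__main__":
    for host, items in audit(SAMPLE).items():
        print(host, "update to 1.6.3 or 1.4.10" if items else "ok", items)
```
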

Vulnerability Identifier


Source


Related Link