You are here

U-176: Wireshark Multiple Bugs Let Remote Users Deny Service

May 24, 2012 - 7:00am

Addthis

PROBLEM:

Wireshark Multiple Bugs Let Remote Users Deny Service

PLATFORM:

1.4.0 to 1.4.12, 1.6.0 to 1.6.7

ABSTRACT:

Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

Reference Links:

SecurityTracker Alert ID: 1027094
CVE-2012-2392
CVE-2012-2393
CVE-2012-2394

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can send specially crafted ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 data to cause Wireshark to hang or enter an infinite loop.
A remote user can cause the DIAMETER dissector to crash.
A remote user can trigger a memory error on SPARC or Itanium processors and cause Wireshark to crash.

Impact:

A remote user can cause Wireshark to hang or crash.

Solution:

The vendor has issued a fix (1.4.13, 1.6.8).

Addthis