Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-56


Wireshark Multiple Bugs Lets Remote Users Deny Service
Severity Rating: Medium
Systems Affected:
  • Wireshark versions 2.0.0 to 2.0.11
  • Wireshark versions 2.2.0 to 2.2.5
Description
Multiple vulnerabilities have been identified in Wireshark and they can be exploited by remote attackers to cause a denial of service condition on the vulnerable system. The vulnerabilities reported are as follows:
 
·         A vulnerability exists that can allow a remote user to cause denial of service conditions on the target system.
 
·         A vulnerability exists that can allow a remote user to send specially crafted data to cause the target service to crash.
 
·         A vulnerability exists which causes the IMAP dissector to be affected.
 
·         A vulnerability exists which causes the PacketBB dissector to be affected.
 
·         A vulnerability exists that causes a remote user to send specially crafted data to cause the target service to enter an infinite loop.
 
·         A vulnerability exists which causes the WBXML dissector to be affected.
 
·         A vulnerability exists which causes the NetParser file parser to be affected.
 
·         A vulnerability exists which causes the RPC over RDMA dissector to be affected.
 
·         A vulnerability exists and this can cause the BGP dissector to be affected.
 
·         A vulnerability exists and this can cause the DOF dissector to be affected.
 
·         A vulnerability exists and this can cause the SLSK dissector to be affected.
 
·         A vulnerability exists and this can cause the SIGCOMP dissector to be affected.
 
·         A vulnerability exists and this can cause the WSP dissector to be affected.
 
 
Solution
Users are advised to apply updates.
More information about the update is available on:
 
CVE Information
 
Vendor Information
Wireshark
 
References
Security Tracker
 
Wireshark
 
 
 
 
 
 
 
 
 
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis