Wireshark DOS Vulnerability-02 Sep14 (Windows) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to denial of sevice vulnerability.

Impact

Successful exploitation will allow attackers to cause denial of service attack. Impact Level: Application

Solution

Upgrade to Wireshark version 1.12.1 or later, For updates refer to https://www.wireshark.org

Insight

Flaws are due to, - Error in the get_quoted_string and get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector. - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector does not properly handle a NULL tree.

Affected

Wireshark version 1.12.x before 1.12.1 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://www.osvdb.com/111601
http://www.osvdb.com/111602
https://www.wireshark.org/security/wnpa-sec-2014-15.html
https://www.wireshark.org/security/wnpa-sec-2014-16.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6425, CVE-2014-6426
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple iTunes Multiple Vulnerabilities
Denial of Service vulnerability in AVG Anti-Virus (Linux)
Comodo Internet Security Denial of Service Vulnerability-01
Connect back to SOCKS4 server
ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)

Take action and discover your vulnerabilities