Wireshark Multiple Denial Of Service Vulnerabilities - July 12 (Windows) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation will allow remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to the Wireshark version 1.4.13, 1.6.8 or later, For updates refer to http://www.wireshark.org/download

Insight

- Errors in the ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors can be exploited to cause infinite loops via specially crafted packets. - An error in the DIAMETER dissector does not properly allocate memory and can be exploited to cause a crash via a specially crafted packet.

Affected

Wireshark versions 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on Windows

References

http://secunia.com/advisories/49226/
http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://www.wireshark.org/security/wnpa-sec-2012-09.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7138

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2392, CVE-2012-2393, CVE-2012-3825, CVE-2012-3826

CVSS	Base Score: 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Sun VirtualBox or xVM VirtualBox Denial Of Service Vulnerability (Win)
OpenOffice senddoc Insecure Temporary File Creation Vulnerability (Win)
SystemTap Unprivileged Mode Multiple Denial Of Service Vulnerabilities
ZNC NULL Pointer Dereference Denial Of Service Vulnerability
Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)

Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Windows)

Take action and discover your vulnerabilities