Wireshark Multiple Denial Of Service Vulnerabilities (Win) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to multiple Denial of Service vulnerabilities.

Impact

Successful exploitation could result in Denial of Serivce condition. Impact Level: Application

Solution

Upgrade to Wireshark 1.2.2 http://www.wireshark.org/download.html

Insight

- An unspecified error in 'packet.c' in the GSM A RR dissector caused via unknown vectors related to 'an uninitialized dissector handle,' which triggers an assertion failure. - An unspecified error in the TLS dissector which can be exploited via unknown vectors related to TLS 1.2 conversations.

Affected

Wireshark version 1.2.0 to 1.2.1 on Windows

References

http://secunia.com/advisories/36754
http://www.wireshark.org/security/wnpa-sec-2009-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3893
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4008

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3242, CVE-2009-3243
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability
ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)
Connect back to SOCKS5 server
Apache Subversion 'mod_dav_svn' Module Multiple DoS Vulnerabilities

Wireshark Multiple Denial of Service Vulnerabilities (Win)

Take action and discover your vulnerabilities