Wireshark SigComp Universal Decompressor Virtual Machine Dissector DOS Vulnerability (Win) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow the attackers to crash an affected application. Impact Level: Application

Solution

Upgrade to Wireshark version 1.0.14 or 1.2.9: For updates refer to http://www.wireshark.org/download.html

Insight

The flaw is caused by an off-by-one error within the SigComp Universal Decompressor Virtual Machine, which could be exploited by attackers to crash an affected application or execute arbitrary code via unknown vectors.

Affected

Wireshark version 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8

References

http://secunia.com/advisories/40112
http://www.openwall.com/lists/oss-security/2010/06/11/1
http://www.vupen.com/english/advisories/2010/1418
http://www.wireshark.org/security/wnpa-sec-2010-05.html
http://www.wireshark.org/security/wnpa-sec-2010-06.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2286
CVSS Base Score: 3.3
AV:A/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Perl Denial of Service Vulnerability Jan 2015 (Windows)
Wireshark SigComp Universal Decompressor Virtual Machine dissector DOS Vulnerability (Win)
SystemTap Unprivileged Mode Multiple Denial Of Service Vulnerabilities
ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
Sun VirtualBox or xVM VirtualBox Denial Of Service Vulnerability (Win)

Take action and discover your vulnerabilities