Beschreibung
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.
Below is a complete list of vulnerabilities
- Improper data validation and lack of restrictions can be exploited remotely via a specially designed packet or file;
- Improper memory access can be exploited remotely via a specially designed packet or file;
- Improper functions usage can be exploited remotely via a specially designed packet;
- Improper feature maintenance can be exploited remotely via a specially designed packet.
Technical details
Vulnerabilities (1) related to multiple reasons listed below:
dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c at the MS-WSP dissector does not validate column size.
dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c at the TDS dissector does not validate the number of columns.
s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c at the S7COMM dissector does not validate the list count in an SZL response.
mp2t_open function in wiretap/mp2t.c at the MP2T file parser does not validate the bit rate.
dissect_nwp function in epan/dissectors/packet-nwp.c at the NWP dissector mishandles the packet type.
ngsniffer_process_record function in wiretap/ngsniffer.c at the Sniffer file parser does not validate the relationships between record lengths and record header lengths.
dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c at the ZigBee ZCL dissector does not validate the Total Profile Number field.
dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c at the RSL dissector does not reject unknown TLV types.
epan/dissectors/packet-nbap.c at the NBAP dissector does not validate the number of items.
ascend_seek function in wiretap/ascendtext.c at the Ascend file parser does not ensure the presence of a ‚