KLA10637
Multiple vulnerabilities in Wireshark
Updated: 11/06/2018
CVSS
?
5.0
Detect date
?
07/17/2015
Severity
?
Critical
Description

Multiple vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities remotely  to cause a denial of service via a specially crafted packet trace file.

Below is a complete list of vulnerabilities

  1. The de_emerg_num_list function and the de_bcd_num function in epan/dissectors/packet-gsm_a_dtap.c file in the GSM DTAP dissector component check digit characters improperly
  2. The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c file in the WCCP dissector component checks memory size for storing IP address strings improperly
Affected products

Wireshark 1.12 versions earlier than 1.12.6

Solution

Update to the latest version

Original advisories

Wireshark security advisory
Wireshark security advisory

Impacts
?
DoS 
[?]
Related products
Wireshark
CVE-IDS
?

CVE-2015-4651
CVE-2015-4652