KLA10649
Denial of service vulnerabilities in Wireshark
Updated: 11/06/2018
CVSS
?
4.3
Detect date
?
08/11/2015
Severity
?
Warning
Description

An unspecified vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed file or network packet.


Technical details

This vulnerability related to next conditions:

  1. Adding item to protocol tree;
  2. Ptvcursor length checking;
  3. WCCP, OpenFlow, GSM RLC/MAC, ZigBee, WaveAgent dissectors acting;
  4. Attempt to free invalid memory;
  5. Searching protocol dissector.

As result of exploitation there are two kinds DoS: crash or consume excessive CPU resources.

Affected products

Wireshark versions earlier than 1.12.7

Solution

Update to the latest version
Get Wireshark

Original advisories

Wireshark Security Advisories

Impacts
?
DoS 
[?]
Related products
Wireshark
CVE-IDS
?

CVE-2015-6246
CVE-2015-6245
CVE-2015-6241
CVE-2015-6242
CVE-2015-6248
CVE-2015-6247
CVE-2015-6249
CVE-2015-6244
CVE-2015-6243