KLA10637
Multiple vulnerabilities in Wireshark
Обновлено: 07/08/2015
CVSS
5.0
Дата обнаружения
17/07/2015
Уровень угрозы
Warning
Описание

Multiple vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities remotely  to cause a denial of service via a specially crafted packet trace file.

Below is a complete list of vulnerabilities

  1. The de_emerg_num_list function and the de_bcd_num function in epan/dissectors/packet-gsm_a_dtap.c file in the GSM DTAP dissector component check digit characters improperly
  2. The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c file in the WCCP dissector component checks memory size for storing IP address strings improperly
Пораженные продукты

Wireshark 1.12 versions earlier than 1.12.6

Решение

Update to the latest version

Первичный источник обнаружения
Wireshark security advisory
Wireshark security advisory
Оказываемое влияние
?
DoS 
[?]
Связанные продукты
Wireshark
CVE-IDS

CVE-2015-4651
CVE-2015-4652