KLA11201
Multiple vulnerabilities in Wireshark

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

1. An improper operand validation offsets in the SIGCOMP protocol dissector can be exploited remotely via malformed packet trace file to cause denial of service;
2. Infinite loops in multiple dissectors can be exploited remotely via malformed packet to cause denial of service;
3. An improper certain types of packets handling in the UMTS MAC dissector can be exploited remotely via malformed packet to cause denial of service;
4. An improper certain types of packets handling in the IEEE 802.11 dissector can be exploited remotely via malformed packet to cause denial of service;
5. An improper certain types of packets handling in the FCP protocol dissector can be exploited remotely via malformed packet to cause denial of service;
6. An improper certain types of packets handling in the DOCSIS dissector can be exploited remotely via malformed packet to cause denial of service;
7. An unspecified vulnerability in pcapng file parser can be exploited remotely via malformed packet to cause denial of service;
8. An unspecified vulnerability in the IPMI dissector can be exploited remotely via malformed packet to cause denial of service;
9. An unspecified vulnerability in the SIGCOMP dissector can be exploited remotely via malformed packet to cause denial of service;
10. An unspecified vulnerability in the NBAP dissector can be exploited remotely via malformed packet to cause denial of service;

Wireshark 2.4.x earlier than 2.4.5
Wireshark 2.2.x earlier than 2.2.13

Update to the latest version
Get Wireshark