Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Wireshark Multiple Denial-of-Service Vulnerabilities-01 August15 (Windows)

Information

Severity

Severity

Medium

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

4.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

8 years ago

Modified

Modified

5 years ago

Summary

This host is installed with Wireshark and is prone to multiple denial of service vulnerabilities.

Insight

Insight

Multiple flaws exists due to, - An error in 'proto_tree_add_bytes_item' function in 'epan/proto.c' script in the protocol-tree implementation. - An error in 'wmem_block_split_free_chunk' function in 'epan/wmem/wmem_allocator_block.c' script in the wmem block allocator in the memory manager. - An error in 'dissector-table' implementation in 'epan/packet.c' script which mishandles table searches for empty strings. - An error in 'dissect_zbee_secure' function in 'epan/dissectors/packet-zbee-security.c' script in the ZigBee dissector. - Mishandling of datatype by 'epan/dissectors/packet-gsm_rlcmac.c' script in the GSM RLC/MAC dissector. - An error in 'dissect_wa_payload' function in 'epan/dissectors/packet-waveagent.c' script in the WaveAgent dissector. - Improper input validation of offset value by 'dissect_openflow_tablemod_v5' function in 'epan/dissectors/packet-openflow_v5.c' script. - Invalid data length checking by 'ptvcursor_add' function in the ptvcursor implementation in 'epan/proto.c' script. - An error in 'dissect_wccp2r1_address_table_info' function in 'epan/dissectors/packet-wccp.c' script.

Affected Software

Affected Software

Wireshark version 1.12.x before 1.12.7 on Windows

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Upgrade Wireshark to version 1.12.7 or later.