Wireshark Multiple Denial-of-Service Vulnerabilities-01 June15 (Windows)

Information

Severity

High

Family

Denial of Service

CVSSv2 Base

7.8

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Vendor Patch

Created

7 years ago

Modified

4 years ago

Summary

Wireshark is installed on this host and is prone to multiple denial-of-service vulnerabilities.

Insight

Multiple flaws are due to:

- The 'logcat_dump_text' function in 'wiretap/logcat.c' in the Android Logcat file parser does not properly handle a lack of \0 termination.
- The 'detect_version' function in 'wiretap/logcat.c' in the Android Logcat file parser does not check the length of the payload.
- The 'fragment_add_work' function in 'epan/reassemble.c' in the packet-reassembly feature does not properly determine the defragmentation state in a case of an insufficient snapshot length.
- 'epan/dissectors/packet-websocket.c' in the WebSocket dissector uses a recursive algorithm, which can result in a consumption of CPU resources.
- The 'dissect_lbmr_pser' function in 'epan/dissectors/packet-lbmr.c' in the LBMR dissector does not properly track the current offset and does not reject a zero length.

Affected Software

Wireshark version 1.12.x before 1.12.5 on Windows

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Upgrade to version 1.12.5 or later.