Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Wireshark Multiple Denial of Service Vulnerabilities -02 May16 (Windows)

Information

Severity

Severity

Medium

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

4.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

3 years ago

Summary

This host is installed with Wireshark and is prone to multiple denial of service vulnerabilities.

Insight

Insight

Multiple flaws exist due to, - 'epan/proto.c' script does not limit the protocol-tree depth. - The IEEE 802.11 dissector does not properly restrict element lists. - 'epan/dissectors/packet-pktc.c' script in the PKTC dissector does not verify BER identifiers. - 'epan/dissectors/packet-pktc.c' script in the PKTC dissector misparses timestamp fields. - An incorrect integer data type usage by 'epan/dissectors/packet-iax2.c' script in the IAX2 dissector. - An incorrect array indexing by 'epan/dissectors/packet-gsm_cbch.c' script in the GSM CBCH dissector.

Affected Software

Affected Software

Wireshark version 1.12.x before 1.12.11 and 2.0.x before 2.0.3 on Windows

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Upgrade to Wireshark version 1.12.11 or or 2.0.3 or later.