Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Wireshark Multiple Denial-of-Service Vulnerabilities-03 January16 (Mac OS X)

Information

Severity

Severity

Medium

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

4.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

3 years ago

Summary

This host is installed with Wireshark and is prone to multiple denial of service vulnerabilities.

Insight

Insight

Multiple flaws exist due to - 'init_t38_info_conv' function in 'epan/dissectors/packet-t38.c' script in the T.38 dissector does not ensure that a conversation exists. - 'epan/dissectors/packet-alljoyn.c' in the AllJoyn dissector does not check for empty arguments. - 'dissect_dcom_OBJREF' function in 'epan/dissectors/packet-dcom.c' script in the DCOM dissecto does not initialize a certain IPv4 data structure. - 'epan/dissectors/packet-umts_fp.c' script in the UMTS FP dissector does not properly reserve memory for channel ID mappings. - 'dissect_dns_answer' function in 'epan/dissectors/packet-dns.c' script in the DNS dissector mishandles the EDNS0 Client Subnet option. - 'dissect_sdp' function in 'epan/dissectors/packet-sdp.c' script in the SDP dissector does not prevent use of a negative media count. - 'dissect_hsdsch_channel_info' function in 'epan/dissectors/packet-umts_fp.c' script in the UMTS FP dissector does not validate the number of PDUs.

Affected Software

Affected Software

Wireshark version 1.12.x before 1.12.9 on Mac OS X

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Upgrade to Wireshark version 1.12.9 or later.