Release date:
Updated on:
Affected Systems:
Wireshark 1.6.x
Wireshark 1.4.x
Unaffected Systems:
Wireshark 1.6.8
Wireshark 1.4.13
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53652
Wireshark (formerly known as Ethereal) is network packet analysis software.
Wireshark 1.6.0 to 1.6.7 and 1.4.0 to 1.4.12 have a denial-of-service vulnerability caused by a memory allocation flaw. An attacker can exploit it to crash the affected application by injecting malicious packets or by inducing a user to read a malformed packet trace file.
<* Source: Wireshark (http://www.wireshark.org/)
Link: http://www.wireshark.org/security/wnpa-sec-2012-09.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7138
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Wireshark
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.wireshark.org/security/
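
An added example, not part of the original advisory or Wireshark's own code: a Python check that classifies version strings from a software inventory against the affected ranges and fixed releases listed above. The hostnames and version strings in the sample are constructed; components are compared numerically so that 1.4.12 sorts after 1.4.2, which a plain string comparison gets wrong.

```python
import re

# Affected ranges and fixed releases exactly as stated in the advisory above:
# branch -> (first affected, last affected, fixed release)
AFFECTED = {
    (1, 4): ((1, 4, 0), (1, 4, 12), "1.4.13"),
    (1, 6): ((1, 6, 0), (1, 6, 7), "1.6.8"),
}

# First x.y.z triple in a string such as "wireshark 1.6.7-1" or "2:1.4.12".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\d)")


def parse_version(text):
    """Return the first x.y.z version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Return (status, fixed_release) for one inventory version string."""
    version = parse_version(text)
    if version is None:
        return ("unknown", None)        # no parsable version: review by hand
    branch = AFFECTED.get(version[:2])
    if branch is None:
        return ("not-listed", None)     # branch is not covered by this advisory
    low, high, fixed = branch
    if low <= version <= high:          # tuple comparison is numeric per field
        return ("affected", fixed)
    return ("fixed", None)


def audit(inventory):
    """Map host -> (status, fixed_release) for a {host: version string} dict."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and package strings are made up).
SAMPLE_INVENTORY = {
    "analyst-ws-01": "wireshark 1.6.7-1",
    "analyst-ws-02": "wireshark 1.6.8",
    "capture-node": "2:1.4.12",
    "lab-vm": "wireshark 1.4.13",
    "legacy-box": "not installed",
}

if __name__ == "__main__":
    for host, (status, fixed) in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, status, "upgrade to " + fixed if fixed else "")
```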