Release date:
Updated on:
Affected Systems:
Wireshark 1.6.x
Wireshark 1.4.x
Unaffected Systems:
Wireshark 1.6.8
Wireshark 1.4.13
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53651
Wireshark (formerly known as Ethereal) is a network packet analyzer.
Wireshark versions 1.6.0 to 1.6.7 and 1.4.0 to 1.4.12 contain multiple denial-of-service vulnerabilities in the ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors. An attacker can crash the affected application by sending malicious packets or by inducing a user to read a malformed packet trace file.
<* Source: Wireshark (http://www.wireshark.org/)
Link: http://www.wireshark.org/security/wnpa-sec-2012-08.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Wireshark
---------
Wireshark has released a security bulletin (wnpa-sec-2012-08) and corresponding patches for these issues:
wnpa-sec-2012-08: Infinite and large loops in multiple dissectors
Link: http://www.wireshark.org/security/wnpa-sec-2012-08.html
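
To check a host against the version ranges listed above, the following added example (not part of the original advisory or of Wireshark's own tooling) classifies a version banner as affected, fixed, or not listed. The function names and the sample banners are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Wireshark/TShark version against the ranges
# stated in this advisory (1.6.0-1.6.7 and 1.4.0-1.4.12 affected;
# 1.6.8 and 1.4.13 fixed). Function names are hypothetical.

# Pull the first MAJOR.MINOR.PATCH triple out of arbitrary text,
# such as the first line of a version banner.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print one of: affected | fixed | not-listed | unknown
wnpa_sec_2012_08_status() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # First fixed patch level per branch, taken from the advisory.
    case "$major.$minor" in
        1.6) fixed=8 ;;
        1.4) fixed=13 ;;
        *)   echo not-listed; return 0 ;;  # branch not covered by this advisory
    esac

    if [ "$patch" -lt "$fixed" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample banners (not captured output). On a real host,
# pass "$(tshark -v | head -n 1)" instead.
for banner in "TShark 1.6.7" "TShark 1.4.13" "wireshark 1.8.0"; do
    printf '%s -> %s\n' "$banner" "$(wnpa_sec_2012_08_status "$banner")"
done
```

A result of "not-listed" means only that the branch is outside the ranges this advisory names; consult the vendor bulletin for other branches.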