Release date:
Updated on:
Affected Systems:
Wireshark 1.8.0-1.8.12
Wireshark 1.10.0-1.10.5
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66070
CVE (CAN) ID: CVE-2014-2282
Wireshark is the most popular network protocol parser.
WiresharkM3UA parser has errors in the implementation of processing malformed data packets, which can be maliciously exploited to cause denial of service or arbitrary code execution.
<* Source: Laurent Butti.
Link: http://secunia.com/advisories/57265/
Http://www.wireshark.org/security/wnpa-sec-2014-02.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Wireshark
---------
Wireshark has released a Security Bulletin (wnpa-sec-2014-02) and corresponding patches for this:
Wnpa-sec-2014-02: wnpa-sec-2014-02-M3UA dissector crash
Link: http://www.wireshark.org/security/wnpa-sec-2014-02.html