Wireshark Catapult IrDA parser Denial of Service Vulnerability (CVE-2014-5161)

Wireshark Catapult IrDA parser Denial of Service Vulnerability (CVE-2014-5161)

Release date:
Updated on:

Affected Systems:
Wireshark <1.10.9
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69001
CVE (CAN) ID: CVE-2014-5161
 
Wireshark is the most popular network protocol parser.
 
In the IrDA parser of Wireshark 1.10.0-1.10.8, The dissect_log function in the plugins/irda/packet-irda.c does not properly Delete the '\ n' character, this allows remote attackers to cause denial of service (buffer overflow and application crash) through specially crafted data packets ).

Simple use of Wireshark

Install Wireshark in Ubuntu 12.04

Starting Wireshark packet capture from common users in Linux
 
<* Source: vendor

Link: http://secunia.com/advisories/59299/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Wireshark
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Https://code.wireshark.org/review/gitweb? P = wireshark. git; a = commit; h = 16f8ba1bed579344df373bf38fff552ab8baf380
Http://www.wireshark.org/security/wnpa-sec-2014-08.html

Wireshark details: click here
Wireshark: click here

This article permanently updates the link address: