wireshark
Page content
- Author: Miklos Vajna
- Vulnerable: 1.6.3-1mores1
- Unaffected: 1.6.5-1mores1
Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user’s system.
- NULL pointer dereference errors when reading certain packet information can be exploited to cause a crash.
- An error within the RLC dissector can be exploited to cause a buffer overflow via a specially crafted RLC packet capture file. Successful exploitation of this vulnerability may allow execution of arbitrary code.
- An error within the “lanalyzer_read()” function (wiretap/lanalyzer.c) when parsing LANalyzer files can be exploited to cause a heap-based buffer underflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. NOTE: A weakness within the file parser, which can lead to a crash when handling capture files has also been reported.
- Bug Tracker URL: https://bugs.frugalware.org/ticket/4650
CVEs:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0041
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0042
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0043
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0066
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0067
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0068