Download
| Alert*
oval:org.secpod.oval:def:55041
The host is installed with Wireshark 2.4.0 to 2.4.14, 2.6.0 to 2.6.8 or 3.0.0 before 3.0.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an issue in epan/packet.c file. Successful exploitation allows attackers to crash the dis ... oval:org.secpod.oval:def:2103894 In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. oval:org.secpod.oval:def:1801475 It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14 Fixed versions: 3.0.2, 2.6.9, 2.4.15 oval:org.secpod.oval:def:1801435 It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14 Fixed versions: 3.0.2, 2.6.9, 2.4.15 oval:org.secpod.oval:def:55044 The host is installed with Wireshark 2.4.0 to 2.4.14, 2.6.0 to 2.6.8 or 3.0.0 to 3.0.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an issue in epan/packet.c file. Successful exploitation allows attackers to crash the dissect ... oval:org.secpod.oval:def:705176 wireshark: network traffic analyzer Wireshark could be made to crash if it received specially crafted network traffic or input files. oval:org.secpod.oval:def:58881 wireshark: network traffic analyzer Wireshark could be made to crash if it received specially crafted network traffic or input files. |