oss-sec mailing list archives
CVE request: Wireshark multiple vulnerabilities
From: Agostino Sarubbo <ago () gentoo org>
Date: Wed, 11 Jan 2012 17:19:57 +0100
According to secunia advisory: https://secunia.com/advisories/47494/ : Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system. 1) NULL pointer dereference errors when reading certain packet information can be exploited to cause a crash. 2) An error within the RLC dissector can be exploited to cause a buffer overflow via a specially crafted RLC packet capture file. and according with upstream advisory: 1)http://www.wireshark.org/security/wnpa-sec-2012-01.html Name: Multiple Wireshark file parser vulnerabilities Description: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats. Impact: It may be possible to make Wireshark crash by convincing someone to read a malformed packet trace file. 2)http://www.wireshark.org/security/wnpa-sec-2012-02.html Name: Wireshark NULL pointer vulnerabilities Description: Wireshark was improperly handling NULL pointers when displaying packet information which could lead to a crash. Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. 3)http://www.wireshark.org/security/wnpa-sec-2012-03.html Name: Wireshark RLC dissector buffer overflow Description: The RLC dissector could overflow a buffer. Impact: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. -- Agostino Sarubbo ago -at- gentoo.org Gentoo/AMD64 Arch Security Liaison GPG: 0x7CD2DC5D
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: Wireshark multiple vulnerabilities Agostino Sarubbo (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 12)
- Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 11)
- Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 12)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 15)
- Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 16)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 17)
- Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 19)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 19)
- Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 11)