Security News > 2018 > August > Wireshark can be crashed via malicious packet trace files

Wireshark can be crashed via malicious packet trace files
2018-08-31 16:01

The Wireshark team has plugged three serious vulnerabilities that could allow an unauthenticated, remote attacker to crash vulnerable installations. According to Cisco researchers, proof-of-concept (PoC) code that demonstrates an exploit of each of the vulnerabilities is publicly available. About the Wireshark DoS vulnerabilities Wireshark is the world’s most popular network protocol analyzer. The software is free and open source. The vulnerabilities – CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058 – affect three components of Wireshark: the Bluetooth Attribute … More → The post Wireshark can be crashed via malicious packet trace files appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Hg14eNKH3uU/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-08-30 CVE-2018-16056 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash.
network
low complexity
wireshark debian
7.5
2018-08-30 CVE-2018-16057 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash.
network
low complexity
wireshark debian
7.5
2018-08-30 CVE-2018-16058 Improper Initialization vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash.
network
low complexity
wireshark debian CWE-665
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wireshark 1 55 308 209 19 591