Security News > 2018 > August > Wireshark can be crashed via malicious packet trace files
2018-08-31 16:01
The Wireshark team has plugged three serious vulnerabilities that could allow an unauthenticated, remote attacker to crash vulnerable installations. According to Cisco researchers, proof-of-concept (PoC) code that demonstrates an exploit of each of the vulnerabilities is publicly available. About the Wireshark DoS vulnerabilities Wireshark is the world’s most popular network protocol analyzer. The software is free and open source. The vulnerabilities – CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058 – affect three components of Wireshark: the Bluetooth Attribute … More → The post Wireshark can be crashed via malicious packet trace files appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Hg14eNKH3uU/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-30 | CVE-2018-16056 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. | 7.5 |
| 2018-08-30 | CVE-2018-16057 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. | 7.5 |
| 2018-08-30 | CVE-2018-16058 | Improper Initialization vulnerability in multiple products In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. | 7.5 |