SB2016100405 - Denial of service in Wireshark
Published: October 4, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Denial of service (CVE-ID: N/A)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient input validation. By transmitting a specially crafted data packets to the target system or convincing a victim to open a crafted packet trace file, attackers can cause Wireshark Bluetooth L2CAP dissector to crash.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
2) Denial of service (CVE-ID: N/A)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient input validation. By transmitting a specially crafted data packets to the target system or convincing a victim to open a crafted packet trace file, attackers can cause NCP dissector to crash.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
Remediation
Install update from vendor's website.