Denial of service in Wireshark - #VU935
Published: October 12, 2016 / Updated: April 4, 2018
Vulnerability identifier: #VU935
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Wireshark.org
Affected software:
Wireshark
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient input validation. By transmitting specially crafted data packets to the target system or convincing a victim to open a crafted packet trace file, attackers can cause the Wireshark Bluetooth L2CAP dissector to crash.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
Remediation
Update to version 2.2.1 or later.