Denial of service in Wireshark - #VU937

 


Published: October 13, 2016 / Updated: April 4, 2018


Vulnerability identifier: #VU937
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Wireshark.org
Affected software:
Wireshark

Detailed vulnerability description

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient input validation. By transmitting specially crafted data packets to the target system or convincing a victim to open a crafted packet trace file, attackers can cause the NCP dissector to crash.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.

Remediation

Update to version 2.2.1 or later.
