Wireshark X.509sat dissector denial of service
| wireshark-x509sat-dissector-dos (41514) |  Low Risk |
Description:
Wireshark (formerly Ethereal) is vulnerable to a denial of service, caused by an unspecified error in the X.509sat dissector. By persuading a victim to open a malformed trace file or by sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause the consumption of all available memory resources or cause the application to crash.
Platforms Affected:
- Wireshark, Wireshark 0.99.5 - 0.99.8
Remedy:
Refer to wnpa-sec-2008-02 for patch, upgrade or suggested workaround information. See References.
Consequences:
Denial of Service
References:
- wnpa-sec-2008-02, Multiple problems in Wireshark®versions 0.99.2 to 0.99.8 at http://www.wireshark.org/security/wnpa-sec-2008-02.html.
- FrSIRT/ADV-2008-1007: Wireshark Data Processing Remote Denial of Service Vulnerabilities
- SA29569: Wireshark Multiple Denial of Service Vulnerabilities
Reported:
Mar 28, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net