Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Multiple DoS Vulnerabilities in Wireshark SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Multiple DoS Vulnerabilities in Wireshark
Wireshark is reported to have multiple vulnerabilities that could cause it to crash or use up memory when reading a crafted packet. Versions affected are 0.9.8 up to and including 0.99.3.

The HTTP, LDAP, XOT, WBXML, and MIME Multipart dissectors are affected. If AirPcap support is enabled, parsing a WEP key could also sometimes cause it to crash.   

Solution is to upgrade to Wireshark 0.99.4. If not possible, disable HTTP, LDAP, XOT, WBXML, and MIME multipart dissectors.

Note that the advisory is dated 30 Oct 06 and currently, Version 0.99.4 is not available on its download page yet (Thanks to Jim for pointing out this).

Update: (2006-11-01 03:30 UTC) the new version is available.  The download link was messed up for a bit, but that has been fixed.
Koon Yaw

68 Posts
Oct 28th 2006

Sign Up for Free or Log In to start participating in the conversation!