Wireshark ASN.1 BER Dissector DoS Vulnerability - May 13 (Windows) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause denial of service by injecting a malformed packet. Impact Level: Application

Solution

Upgrade to the Wireshark version 1.6.15 or 1.8.7 or later, For updates refer to http://www.wireshark.org/download

Insight

- 'fragment_add_seq_common' function in epan/reassemble.c has an incorrect pointer dereference. - 'dissect_ber_choice' function in epan/dissectors/packet-ber.c does not properly initialize variables.

Affected

Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 on Windows

References

http://secunia.com/advisories/53425
http://www.osvdb.com/93509
http://www.wireshark.org/security/wnpa-sec-2013-25.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3556, CVE-2013-3557

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

AyeView GIF Image Handling Denial of Service Vulnerability
BadBlue invalid GET DoS
CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)
Apple Safari 'WebKit.dll' Stack Consumption Vulnerability

Take action and discover your vulnerabilities