Summary
Wireshark is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause an application crash, memory consumption, or a heap-based buffer overflow.
Impact Level: Application
Solution
Upgrade to Wireshark version 1.8.8 or later.
For updates, refer to http://www.wireshark.org/download
Insight
Multiple flaws are due to errors in:
- 'epan/dissectors/packet-gmr1_bcch.c' in GMR-1 BCCH dissector
- dissect_iphc_crtp_fh() function in 'epan/dissectors/packet-ppp.c' in PPP dissector
- Array index error in NBAP dissector
- 'epan/dissectors/packet-rdp.c' in the RDP dissector
- dissect_schedule_message() function in 'epan/dissectors/packet-gsm_cbch.c' in GSM CBCH dissector
- dissect_r3_upstreamcommand_queryconfig() function in 'epan/dissectors/packet-assa_r3.c' in Assa Abloy R3 dissector
- vwr_read() function in 'wiretap/vwr.c' in Ixia IxVeriWave file parser
Affected
Wireshark 1.8.x before 1.8.8 on Windows
References
Severity
Classification
CVE: CVE-2013-4075, CVE-2013-4076, CVE-2013-4077, CVE-2013-4078, CVE-2013-4079, CVE-2013-4080, CVE-2013-4082
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)
- EtherApe RPC Packet Processing Denial of Service Vulnerability
- FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
- ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
- Denial Of Service Vulnerability in PHP April-09