Kaspersky LabKLA10649KLA10649 Denial of service vulnerabilities in Wireshark
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.9 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.1%
An unspecified vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed file or network packet.
Technical details
This vulnerability related to next conditions:
- Adding item to protocol tree;
- Ptvcursor length checking;
- WCCP, OpenFlow, GSM RLC/MAC, ZigBee, WaveAgent dissectors acting;
- Attempt to free invalid memory;
- Searching protocol dissector.
As result of exploitation there are two kinds DoS: crash or consume excessive CPU resources.
Original advisories
Related products
CVE list
CVE-2015-6246 warning
CVE-2015-6245 warning
CVE-2015-6241 warning
CVE-2015-6242 warning
CVE-2015-6248 warning
CVE-2015-6247 warning
CVE-2015-6249 warning
CVE-2015-6244 warning
CVE-2015-6243 warning
Solution
Update to the latest version
Impacts
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- Wireshark versions earlier than 1.12.7
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.9 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.1%