KLA10905 Multiple denial of service vulnerabilities in Wireshark

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. These vulnerabilities can be exploited remotely via a specially designed files or packets.

Below is a complete list of vulnerabilities

1. Lack of certain length values size OpenFlow dissector;
2. Infinite loop at DTN dissector;
3. An improper handling of signature variable state tracking at AllJoyn dissector;
4. An improper private strings handling at DCERPC dissector;
5. Lack of I/O objects restrictions at Profinet I/O dissector.

Original advisories

Wireshark foundation security advisories list

Related products

Wireshark

CVE list

CVE-2016-9376 warning

CVE-2016-9375 warning

CVE-2016-9374 warning

CVE-2016-9373 warning

CVE-2016-9372 warning

Solution

Update to the latest version

Wireshark download page

Impacts

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

• Wireshark 2.2 versions earlier than 2.2.2Wireshark 2.0 versions earlier than 2.0.8