PROBLEM:
Wireshark Multiple Bugs Let Remote Users Deny Service
PLATFORM:
1.4.0 to 1.4.12, 1.6.0 to 1.6.7
ABSTRACT:
Several vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.
Reference Links:
SecurityTracker Alert ID: 1027094
CVE-2012-2392
CVE-2012-2393
CVE-2012-2394
IMPACT ASSESSMENT:
Medium
Discussion:
A remote user can send specially crafted ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 data to cause Wireshark to hang or enter an infinite loop.
A remote user can cause the DIAMETER dissector to crash.
A remote user can trigger a memory error on SPARC or Itanium processors and cause Wireshark to crash.
Impact:
A remote user can cause Wireshark to hang or crash.
Solution:
The vendor has issued a fix (1.4.13, 1.6.8).