SB2016100405 - Denial of service in Wireshark



Published: October 4, 2016

Security Bulletin ID: SB2016100405
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Denial of service (CVE-ID: N/A)

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient input validation. By transmitting specially crafted data packets to the target system or convincing a victim to open a crafted packet trace file, attackers can cause the Wireshark Bluetooth L2CAP dissector to crash.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.

2) Denial of service (CVE-ID: N/A)

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient input validation. By transmitting specially crafted data packets to the target system or convincing a victim to open a crafted packet trace file, attackers can cause the NCP dissector to crash.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.

Remediation

Install the update from the vendor's website.