Multiple Vulnerabilities In Wireshark Could Allow A Denial Of Service Attack
Multiple vulnerabilities in Wireshark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerabilities are due to improper processing of malformed packets by the affected software. An attacker could exploit these vulnerabilities by transmitting malformed data packets to a targeted system that has the Wireshark application installed or by persuading a user to use the affected software to open a malformed packet trace file. A successful exploit could cause the application to stop functioning properly or to crash, resulting in a DoS condition.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to monitor affected systems.
CVE Numbers :-
Wireshark has released security advisories at the following links:
Wireshark has released software updates at the following link: Wireshark version 2.4.4 and 2.2.12 or later
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.