Wireshark updates fix DoS vulnerabilities
The Wireshark development team has released versions 1.4.12 and 1.6.6 of its open source network protocol analyser; these are maintenance updates that focus on fixing bugs and closing security holes found in the previous builds. The updates to the cross-platform tool address several vulnerabilities that could be exploited by an attacker to cause a denial-of-service (DoS) condition.
These include a memory allocation flaw in the MP2T dissector that could cause it to allocate too much memory, a bug when trying to read ERF data using the pcap and pcap-ng file parsers, and a problem in the ANSI A dissector. For an attack to be successful, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file. Versions 1.4.0 to 1.4.11 and 1.6.0 to 1.6.5 are affected; upgrading to the new releases corrects these problems. Another security bug affecting only the 1.6.x branch that could cause the IEEE 802.11 dissector to go into an infinite loop causing Wireshark to crash has also been fixed.
Further information about the updates, including a full list of bug fixes, can be found in the 1.4.12 and 1.6.6 release notes. Versions 1.6.6 and 1.4.12 of Wireshark are available to download from the project's site. Source code for Wireshark is licensed under the GPLv2.
- Wireshark ANSI A dissector crash, a Wireshark security advisory.
- Wireshark 802.11 infinite loop, a Wireshark security advisory.
- Wireshark pcap and pcap-ng file format crash, a Wireshark security advisory.
- Wireshark MP2T memory allocation flaw, a Wireshark security advisory.