Wireshark contains a vulnerability in the IPSec ESP preference parser that may cause a denial of service condition.
Wireshark contains multiple off-by-one vulnerabilities in the IPSec ESP preference parser when the application has been compiled with ESP decryption support.
This vulnerability may be exploited when the remote attacker sends a specially crafted, malformed packet over the wire or by convincing the user to read a malformed packet trace file.
Wireshark states that Wireshark Version 0.99.2 is affected.
Note: Ethereal has changed its name to Wireshark.
A remote attacker may be able to execute arbitrary code.
Wireshark has released an updated product version. (Wireshark 0.99.3)
Wireshark provides a workaround in security document wnpa-sec-2006-02.
Vendor| Status| Date Notified| Date Updated
Wireshark| | -| 24 Oct 2006
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
This vulnerability was reported in Wireshark document wnpa-sec-2006-02.
This document was written by Katie Steiner.