Wireshark -- DoS in the BER-based dissectors

2010-09-16T00:00:00
ID B2EAA7C2-E64A-11DF-BC65-0022156E8794
Type freebsd
Reporter FreeBSD
Modified 2010-09-16T00:00:00

Description

Secunia reports:

A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an infinite recursion error in the "dissect_unknown_ber()" function in epan/dissectors/packet-ber.c and can be exploited to cause a stack overflow e.g. via a specially crafted SNMP packet. The vulnerability is confirmed in version 1.4.0 and reported in version 1.2.11 and prior and version 1.4.0 and prior.
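The general mitigation for this bug class, as an added example (not Wireshark's code and not its actual fix): a recursive BER walker that caps nesting explicitly and consumes the header on every pass, so crafted input cannot drive unbounded stack use. The names `ber_walk`, `depth_left`, `NESTED3` and the `BER_ERR_*` codes are assumptions made for this sketch, which handles only single-byte tags and definite lengths.

```c
#include <stddef.h>
#include <stdio.h>

#define BER_ERR_MALFORMED (-1)
#define BER_ERR_TOO_DEEP  (-2)

/* Walk definite-length BER TLVs in buf[0..len). depth_left is how many
 * levels of constructed nesting are still allowed. Returns the number of
 * primitive elements, or a negative BER_ERR_* code. */
static long ber_walk(const unsigned char *buf, size_t len, int depth_left)
{
    long count = 0;
    size_t off = 0;
    while (off < len) {
        unsigned char tag = buf[off++];
        if ((tag & 0x1f) == 0x1f || off >= len)
            return BER_ERR_MALFORMED;      /* multi-byte tag or no length */
        size_t vlen = buf[off++];
        if (vlen >= 0x80) {                /* long form: next n bytes hold it */
            size_t n = vlen & 0x7f;
            if (n == 0 || n > sizeof(size_t) || n > len - off)
                return BER_ERR_MALFORMED;  /* indefinite or oversized length */
            for (vlen = 0; n > 0; n--)
                vlen = (vlen << 8) | buf[off++];
        }
        if (vlen > len - off)
            return BER_ERR_MALFORMED;      /* value runs past the buffer */
        if (tag & 0x20) {                  /* constructed: descend into value */
            if (depth_left <= 0)
                return BER_ERR_TOO_DEEP;   /* bound stack use explicitly */
            long r = ber_walk(buf + off, vlen, depth_left - 1);
            if (r < 0) return r;
            count += r;
        } else {
            count++;
        }
        off += vlen;   /* header already consumed: every pass makes progress */
    }
    return count;
}

/* Constructed sample: three nested SEQUENCEs around a NULL. */
static const unsigned char NESTED3[] = {0x30,0x06, 0x30,0x04, 0x30,0x02, 0x05,0x00};
int main(void)
{
    printf("limit 3: %ld\n", ber_walk(NESTED3, sizeof NESTED3, 3));
    printf("limit 2: %ld\n", ber_walk(NESTED3, sizeof NESTED3, 2));
    return 0;
}
```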