Lucene search

K
kasperskyKaspersky LabKLA11311
HistoryAug 29, 2018 - 12:00 a.m.

KLA11311 Multiple DoS vulnerabilities in Wireshark

2018-08-2900:00:00
Kaspersky Lab
threats.kaspersky.com
585

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.004

Percentile

73.9%

Multiple serious vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in the Bluetooth AVDTP dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  2. An unspecified vulnerability in the Bluetooth Attribute Protocol dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  3. An unspecified vulnerability in the Radiotap dissector can be exploited remotely via malformed packet trace file to cause denial of service.

Original advisories

wnpa-sec-2018-44

wnpa-sec-2018-45

wnpa-sec-2018-46

Related products

Wireshark

CVE list

CVE-2018-16058 warning

CVE-2018-16056 warning

CVE-2018-16057 warning

Solution

Update to the latest version

Get Wireshark

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Wireshark 2.6.x earlier than 2.6.3Wireshark 2.4.x earlier than 2.4.9Wireshark 2.2.x earlier than 2.2.17

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.004

Percentile

73.9%