KLA11463 Multiple vulnerabilities in Wireshark

2019-04-0800:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.9

Confidence

High

EPSS

0.003

Percentile

68.6%

Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

Infinite loop vulnerability in GSUP dissector can be exploited remotely via specially designed packet to cause denial of service.
Infinite loop vulnerability in IEEE 802.11 dissector can be exploited remotely via specially designed packet to cause denial of service.
Denial of service vulnerability related to TSDNS dissector can be exploited remotely via specially designed packet.
Infinite loop vulnerability in Rbm dissector can be exploited remotely via specially designed packet to cause denial of service.