logo
DATABASE RESOURCES PRICING ABOUT US

Wireshark 3.4.x < 3.4.11 Multiple Vulnerabilities (macOS)

Description

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.4.11. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.4.11 advisory. - The Gryphon dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2021-4186) - The RTMPT dissector could go into an infinite loop. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2021-4185) - The BitTorrent DHT dissector could go into an infinite loop. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2021-4184) - The RFC 7468 file parser could go into an infinite loop. It may be possible to make Wireshark consume excessive CPU resources by convincing someone to read a malformed packet trace file. (CVE-2021-4182) - The Sysdig Event dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2021-4181) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related