Author: Anonymous
Source : Internet
Severity Rating: HIGH
Description : Wireshark Vulnerabilities Expose Flaws in Dissectors and File Parsers
Several vulnerabilities have been identified in Wireshark, primarily affecting the RTPS dissector, BLF file parser, VMS TCPIPtrace file parser, NetScaler file parser, Candump log file parser, and IEEE C37.118 Synchrophasor dissector. An attacker who can manipulate traffic in a specific manner can potentially exploit them to target the application.
The vulnerabilities stem from flaws within these dissectors and file parsers. An attacker exploits them by passing specially crafted traffic to the application, so that the affected component processes the malformed input.
Users should remain vigilant and ensure that they are running the most up-to-date version of Wireshark to mitigate the risk of potential exploitation. Regularly applying security updates and following best practices for network monitoring and analysis tools will help maintain a secure environment for network traffic analysis.
Impact : Successful exploitation of these vulnerabilities could allow threat actors to make Wireshark crash or consume excessive CPU resources, causing denial-of-service conditions on the targeted system.
Mitigation : Upgrade to Wireshark 4.0.6, 3.6.14 or later as per the below advisory from Wireshark:
Ref:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2855
Disclaimer : The information provided herein is on “as is” basis, without warranty of any kind.
Take away : Upgrade to Wireshark 4.0.6, 3.6.14 or later as per the below advisory from Wireshark
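Added example (not part of the original advisory): a version check that flags Wireshark/TShark installs older than the fixed releases named above. It assumes "4.0.6, 3.6.14 or later" means per-branch minimums; the host names and banner lines are constructed samples.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(3, 6): (3, 6, 14), (4, 0): (4, 0, 6)}

# Matches the first line of `wireshark --version` / `tshark --version`.
_VERSION_RE = re.compile(r"\b(?:Wireshark|TShark)\b[^\d\n]*(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_upgrade(version):
    """True if `version` predates the fixed release for its branch.

    Assumption: branches older than 3.6 have no fixed release listed in
    the advisory, so they are flagged; branches newer than 4.0 are
    treated as "later" and pass.
    """
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    return branch < min(FIXED)


def audit(inventory):
    """Map each host to 'upgrade', 'ok' or 'unknown' (unparseable banner)."""
    report = {}
    for host, banner in inventory.items():
        version = parse_version(banner)
        if version is None:
            report[host] = "unknown"
        else:
            report[host] = "upgrade" if needs_upgrade(version) else "ok"
    return report


# Constructed sample inventory: host -> collected version banner line.
SAMPLE = {
    "soc-analyst-01": "TShark (Wireshark) 4.0.5 (v4.0.5-0-gsample).",
    "soc-analyst-02": "Wireshark 4.0.6 (v4.0.6-0-gsample).",
    "noc-probe-01": "TShark (Wireshark) 3.6.13 (Git v3.6.13 packaged as 3.6.13-1)",
    "lab-legacy": "Wireshark 3.4.16 (v3.4.16-0-gsample)",
    "jump-host": "tshark: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```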