Vigil@nce - Wireshark: denial of service via Frame Metadissector
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious packet to Wireshark, in order to
trigger a denial of service.
Impacted products: Wireshark
Severity: 1/4
Creation date: 13/06/2014
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
Protocols are decoded by dissectors.
However, the get_hfi_and_length() function of the epan/proto.c
file does not correctly detect the remaining size of a TVB.
An attacker can therefore send a malicious packet to Wireshark, in
order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-denial-of-service-via-Frame-Metadissector-14899