Wireshark Multiple Vulnerabilities

vendor:

Wireshark

by:

SecurityFocus

7.5

CVSS

HIGH

Information Disclosure and Denial of Service

200, 400

CWE

Product Name: Wireshark

Affected Version From: 2000.9.5

Affected Version To: 1.0.0

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2007

Wireshark Multiple Vulnerabilities

Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues. Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Mitigation:

Upgrade to the latest version of Wireshark, or apply the appropriate patch.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30020/info

Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues.

Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.5 up to and including 1.0.0. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32006-1.pcap
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32006-2.pcap
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32006-3.pcap