Severity Rating: HIGH
Software Affected
Wireshark versions 3.2.0 to 3.2.4
Overview
A vulnerability has been reported in Wireshark which could allow a remote
attacker to cause denial of service conditions on a targeted system.
Description
This vulnerability exists in Wireshark due to an error in the file
packet-gvcp.c, which may cause an infinite loop. A remote attacker could
exploit this vulnerability by injecting a malformed packet onto the wire or
by convincing the user to read a malformed packet trace file.
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions on the targeted system due to excessive
consumption of CPU resources.
Solution
Upgrade to Wireshark version 3.2.5.
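To find hosts still running an affected build, the version banner can be checked against the range listed above. The script below is an added example, not part of the original advisory; its function names and the sample banners in the comments are constructed, and it assumes `tshark --version` prints the version number on its first line.

```shell
#!/bin/sh
# Added example: flag Wireshark/TShark builds in the range this advisory lists
# (3.2.0 to 3.2.4; fixed in 3.2.5). Function names are illustrative.

# Print the X.Y.Z that follows the leading non-digit text of a banner such as
# "TShark (Wireshark) 3.2.4 (Git v3.2.4 ...)" (constructed sample), or nothing.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if X.Y.Z is within 3.2.0..3.2.4, 1 if outside, 2 if unparsable.
is_affected() {
    case "$1" in
        ''|*[!0-9.]*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 3 ] && [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] || return 2
    [ "$1" -eq 3 ] && [ "$2" -eq 2 ] && [ "$3" -le 4 ]
}

# Print "affected", "not-in-range" (outside the range the advisory lists)
# or "unknown" (no version could be parsed) for one banner line.
classify_banner() {
    ver=$(extract_version "$1")
    rc=0
    is_affected "$ver" || rc=$?
    case $rc in
        0) echo "affected" ;;
        1) echo "not-in-range" ;;
        *) echo "unknown" ;;
    esac
}

# Check the locally installed build, if there is one.
if command -v tshark >/dev/null 2>&1; then
    classify_banner "$(tshark --version 2>/dev/null | head -n 1)"
fi
```

A result of "not-in-range" only means the build is outside 3.2.0 to 3.2.4; this advisory makes no statement about other release branches.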
Vendor Information
Wireshark
References
CyberSecurityHelp
CVE Name
CVE-2020-15466