Vulnerability Note VU#676492
Wireshark Endace ERF unsigned integer wrap vulnerability
Wireshark contains an unsigned integer wrap vulnerability that may occur when parsing Endace Extensible Record Format (ERF) files.
Wireshark is a protocol analyzer that can open or import previously saved files. When processing an Endace ERF file an unsigned integer wrap vulnerability may cause Wireshark to allocate a very large buffer. To exploit this issue, an attacker would have to convince a user to open a crafted ERF file using Wireshark.
This issue also affects Tshark, the console version of Wireshark.
A remote attacker can cause Wireshark to crash. It may be possible, although unlikely, for an attacker to execute arbitrary code. Exploiting the vulnerability could result in a NULL pointer dereference, which can lead to code execution on certain platforms.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Wireshark||Affected||-||05 Oct 2009|
CVSS Metrics (Learn More)
This issue was discovered by Ryan Giobbi.
This document was written by Ryan Giobbi and Art Manion.
- CVE IDs: Unknown
- Date Public: 15 Sep 2009
- Date First Published: 05 Oct 2009
- Date Last Updated: 24 Nov 2009
- Severity Metric: 1.28
- Document Revision: 27
If you have feedback, comments, or additional information about this vulnerability, please send us email.