Overview
Wireshark contains a vulnerability in the HTTP dissector that may allow an attacker to cause a denial of service condition.
Description
Wireshark contains a vulnerability in the HTTP dissector that may allow an attacker to cause a denial of service condition. This vulnerability may be triggered when a remote attacker sends a specially crafted, malformed packet to a vulnerable Wireshark installation or by convincing the user to read a malformed packet trace file with Wireshark. Wireshark states that Wireshark version 0.99.3 is affected. |
Impact
A remote attacker may be able to cause a denial of service condition. |
Solution
Update |
Workaround |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.wireshark.org/security/wnpa-sec-2006-03.html
- http://www.securityfocus.com/bid/20762
- http://secunia.com/advisories/22590
- http://secunia.com/advisories/22672/
- http://secunia.com/advisories/22692/
- http://secunia.com/advisories/22797/
- http://secunia.com/advisories/22841/
- http://secunia.com/advisories/22929/
- http://secunia.com/advisories/23096/
Acknowledgements
This vulnerability was reported in Wireshark Document wnpa-sec-2006-03.
This document was written by Katie Steiner.
Other Information
| CVE IDs: | CVE-2006-5468 |
| Severity Metric: | 11.39 |
| Date Public: | 2006-10-27 |
| Date First Published: | 2007-01-02 |
| Date Last Updated: | 2007-01-02 20:39 UTC |
| Document Revision: | 17 |