Wireshark contains an unsigned integer wrap vulnerability that may occur when parsing Endace Extensible Record Format (ERF) files.
Wireshark is a protocol analyzer that can open or import previously saved files. When processing an Endace ERF file an unsigned integer wrap vulnerability may cause Wireshark to allocate a very large buffer. To exploit this issue, an attacker would have to convince a user to open a crafted ERF file using Wireshark.
This issue also affects Tshark, the console version of Wireshark.
A remote attacker can cause Wireshark to crash. It may be possible, although unlikely, for an attacker to execute arbitrary code. Exploiting the vulnerability could result in a NULL pointer dereference, which can lead to code execution on certain platforms.
|Temporal||0||E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)|
|Environmental||0||CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)|
This issue was discovered by Ryan Giobbi.
This document was written by Ryan Giobbi and Art Manion.
|Date First Published:||2009-10-05|
|Date Last Updated:||2009-11-25 00:09 UTC|