Wireshark: Denial of Service — GLSA 200803-32

Multiple Denial of Service vulnerabilities have been discovered in Wireshark.

Affected Packages

net-analyzer/wireshark on all architectures
Affected versions < 0.99.8
Unaffected versions >= 0.99.8

Background

Wireshark is a network protocol analyzer with a graphical front-end.

Description

Multiple unspecified errors exist in the SCTP, SNMP, and TFTP dissectors.

Impact

A remote attacker could cause a Denial of Service by sending a malformed packet.

Workaround

Disable the SCTP, SNMP, and TFTP dissectors.

Resolution

All Wireshark users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.8"

References

Release Date
March 24, 2008

Latest Revision
March 24, 2008: 01

Severity
normal

Exploitable
remote

Bugzilla entries