FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Wireshark -- DoS in the BER-based dissectors

Affected packages
1.3 <= wireshark < 1.4.1
1.0 <= wireshark < 1.2.12
1.3 <= wireshark-lite < 1.4.1
1.0 <= wireshark-lite < 1.2.12
1.3 <= tshark < 1.4.1
1.0 <= tshark < 1.2.12
1.3 <= tshark-lite < 1.4.1
1.0 <= tshark-lite < 1.2.12

Details

VuXML ID b2eaa7c2-e64a-11df-bc65-0022156e8794
Discovery 2010-09-16
Entry 2010-11-05

Secunia reports:

A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an infinite recursion error in the "dissect_unknown_ber()" function in epan/dissectors/packet-ber.c and can be exploited to cause a stack overflow e.g. via a specially crafted SNMP packet.

The vulnerability is confirmed in version 1.4.0 and reported in version 1.2.11 and prior and version 1.4.0 and prior.

References

CVE Name CVE-2010-3445
URL http://www.wireshark.org/lists/wireshark-announce/201010/msg00001.html
URL http://www.wireshark.org/lists/wireshark-announce/201010/msg00002.html