The DTLS dissector in Wireshark 1.6.x prior to 1.6.14 and 1.8.x prior to 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote malicious users to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wireshark wireshark 1.8.3 |
||
wireshark wireshark 1.8.4 |
||
wireshark wireshark 1.8.1 |
||
wireshark wireshark 1.8.2 |
||
wireshark wireshark 1.8.5 |
||
wireshark wireshark 1.8.0 |
||
debian debian linux 7.0 |
||
opensuse opensuse 12.2 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.1 |
||
wireshark wireshark 1.6.7 |
||
wireshark wireshark 1.6.8 |
||
wireshark wireshark 1.6.5 |
||
wireshark wireshark 1.6.6 |
||
wireshark wireshark 1.6.13 |
||
wireshark wireshark 1.6.0 |
||
wireshark wireshark 1.6.1 |
||
wireshark wireshark 1.6.9 |
||
wireshark wireshark 1.6.10 |
||
wireshark wireshark 1.6.2 |
||
wireshark wireshark 1.6.3 |
||
wireshark wireshark 1.6.4 |
||
wireshark wireshark 1.6.11 |
||
wireshark wireshark 1.6.12 |