The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x prior to 1.10.14 and 1.12.x prior to 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote malicious users to cause a denial of service (infinite loop) via a crafted packet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle solaris 11.2 |
||
wireshark wireshark 1.12.4 |
||
wireshark wireshark 1.10.8 |
||
wireshark wireshark 1.12.0 |
||
wireshark wireshark 1.10.6 |
||
wireshark wireshark 1.10.9 |
||
wireshark wireshark 1.10.13 |
||
wireshark wireshark 1.10.12 |
||
wireshark wireshark 1.10.10 |
||
wireshark wireshark 1.10.0 |
||
wireshark wireshark 1.12.2 |
||
wireshark wireshark 1.10.3 |
||
wireshark wireshark 1.10.2 |
||
wireshark wireshark 1.10.1 |
||
wireshark wireshark 1.12.1 |
||
wireshark wireshark 1.10.7 |
||
wireshark wireshark 1.10.4 |
||
wireshark wireshark 1.10.14 |
||
wireshark wireshark 1.12.3 |
||
wireshark wireshark 1.10.5 |
||
wireshark wireshark 1.10.11 |