Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

wnpa-sec-2008-07 · Multiple problems in Wireshark

Summary

Name: Multiple problems in Wireshark

Docid: wnpa-sec-2008-07

Date: December 10, 2008

Affected versions: 0.99.7 up to and including 1.0.4

Fixed versions: 1.0.5

Details

Description

Wireshark 1.0.5 fixes the following vulnerabilities:

  • The SMTP dissector could consume excessive amounts of CPU and memory. Versions affected: 1.0.4
  • The WLCCP dissector could go into an infinte loop. Versions affected: 0.99.7 to 1.0.4

Impact

It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.0.5 or later.

If are running Wireshark {{ end_version }} or earlier (including Ethereal 0.99.0) and cannot upgrade, you can work around each of the problems listed above by doing the following:

  • Disable the SMTP and WLCCP dissectors.
    • Select Analyze→Enabled Protocols... from the menu.
    • Make sure "SMTP" and "WLCCP" are un-checked.
    • Click "Save", then click "OK".