Wireshark ‘dissectors/asn1/ros/packet-ros-template.c’ Denial of Service Vulnerability
by CIRT Team
Description: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
Impact: Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions.
Mitigation: Upgrade to Wireshark 2.2.7 or later.
Reference URLs:
- http://www.securityfocus.com/bid/98800/info
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9347
- https://www.wireshark.org/security/wnpa-sec-2017-31.html