At least 5 vulnerabilities have been detected in the popular Wireshark packet parser. According to the report, the successful exploitation of these flaws would allow the deployment of multiple hacking tasks.
Below are brief reports of the detected flaws, in addition to their respective scores assigned according to the Common Vulnerability Scoring System (CVSS). It is worth mentioning that these flaws have not received a CVE identifier.
No CVE key: An infinite loop in the RTMPT disconnect would allow remote threat providers to send specially crafted packets over the network, consume all available system resources, and cause a denial-of-service (DoS) condition.
The flaw received a CVSS score of 6.5/10.
No CVE key: Multiple loops in various dissectors, including AMP and ATN-ULCS would allow remote attackers to send specially crafted packets over the network, consuming the resources of the target system and creating a DoS condition.
This vulnerability received a CVSS score of 6.5/10.
No CVE key: Insufficient validation of user-provided inputs in the PVFS dissector would allow malicious hackers to send specially crafted packets over the network and lead to a DoS condition.
The flaw received a CVSS score of 6.5/10.
No CVE key: Insufficient validation of user-provided inputs in the CSN.1 dissector would allow malicious hackers to send specially crafted packets over the network and perform DoS attacks.
The flaw received a CVSS score of 6.5/10.
No CVE key: Insufficient validation of user-provided input in the CMS dissector would have allowed remote attackers to send specially crafted packets and deploy DoS attacks.
While these flaws can be exploited remotely by unauthenticated threat actors, no active exploitation attempts have been detected so far. Still, it will be best to apply the available updates.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.