A report by vulnerability testing specialists reveals the presence of at least four security flaws in the Wireshark protocol analyzer. According to the report, exploiting these flaws could lead to a variety of scenarios, such as the leaking of sensitive information or deploying denial-of-service (DoS) attacks.
Below is a brief report on the four flaws detected detailing their severity level, attack scenarios and consequences for affected users.
Input validation error: This failure exists due to insufficient validation of the inputs supplied in the WideGuard dissector. An unauthenticated remote threat actor could exploit this failure by sending a specially crafted request to the affected application to generate a denial of service (DoS) condition.
This flaw is considered low severity, and is present in Wireshark versions 3.2.0 and 3.2.1. Until now, no cases of exploitation have been reported in the wild.
Input validation flaw: This is a second input validation vulnerability that allows an unauthenticated remote hacker to generate a condition (DoS) by sending specially designed requests to the target application. On this occasion, vulnerability testing specialists point out that the flaw exists due to insufficient validation of user-submitted input in the EAP dissector.
This vulnerability is considered low severity, as its exploitation is highly complex. In addition, most versions of Wireshark that continue to receive support are vulnerable.
Memory Leaking: This vulnerability exists due to memory leakage in the LTE RRC dissector. The vulnerability testing report mentions that this flaw allows an unauthenticated remote hacker to deploy a DoS attack on the target system. The flaw is considered medium severity, and is present in most versions of Wireshark.
Input validation flaw: Specialists detected a third input validation vulnerability that allows the deployment of a DoS attack. The flaw, considered low severity, can be exploited remotely by sending specially designed requests. The vulnerability is present in most versions of Wireshark.
According to the International Institute of Cyber Security (IICS), all detected vulnerabilities have already been reported to Wireshark maintainers, who announced the release of the required security patches as soon as possible. While failures are not yet considered critical, exploit scenarios remain in effect, so administrators are encouraged to update their deployments.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.