The Wireshark team has patched a number of severe vulnerabilities which could be exploited to force a system crash and denial-of-service (DoS) state.
Over the weekend, the team responsible for keeping the security of the open-source packet analyzer up to scratch issued security advisories describing the bugs.
Tracked as CVE-2018-16056, CVE-2018-16057, and CVE-2018-16058, the three bugs have the potential to cause serious disruption to users of the popular software running versions 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16.
The first vulnerability, CVE-2018-16056, is a vulnerability present in the Bluetooth Attribute Protocol (ATT) dissector component of Wireshark.
The epan/dissectors/packet-btatt.c source code file of Wireshark does not verify that a dissector for a specific universally unique identifier (UUID) exists which permits unauthenticated, remote attackers to send crafted packets into a network, causing the component to crash.
In addition, threat actors could convince a user to open a malformed packet, leading to the same consequences.
The second vulnerability, CVE-2018-16057 is a security flaw in the Radiotap dissector component of Wireshark.
According to Cisco’s security advisory, there are insufficient bound checks in the component’s source file, which can be exploited through the use of malformed packets.
Unauthenticated, remote attackers can harness this security flaw to cause a DoS condition on a target system.
The final security flaw, CVE-2018-16058, was found within the Wireshark Audio/Video Distribution Transport Protocol (AVDTP) dissector.
The epan/dissectors/packet-btavdtp.c source code file of the affected software improperly initializes a data structure, leading to the possibility of malicious packets exploiting the system and causing a crash.
Proof-of-concept (PoC) code has been released to the public which demonstrates how to exploit each of the security vulnerabilities.
The Wireshark team has acknowledged the existence of the security flaws and has released software updates to resolve the issues.
Users of Wireshark should update their software builds to versions 2.6.3, 2.4.9, 2.2.17 or later to protect themselves from the risk of exploit.
Previous and related coverage