
SANS ISC: Wireshark 1.8.9 and 1.10.1 Security Update SANS ISC InfoSec Forums

Wireshark 1.8.9 and 1.10.1 Security Update

Wireshark has fixed the following security issues in both versions.

The following dissectors could go into a large loop in both versions:

Bluetooth SDP (CVE-2013-4927)
DIS (CVE-2013-4929)
GSM RR (CVE-2013-4931)

The following parsers/dissectors could crash:

DVB-CI (CVE-2013-4930)
GSM A Common (CVE-2013-4932)
Netmon (CVE-2013-4933 and CVE-2013-4934)
ASN.1 PER (CVE-2013-4935)

The following parsers/dissectors could crash (applies to 1.10.1 only):

DCP ETSI (CVE-2013-4083)
P1 (CVE-2013-4920)
Radiotap (CVE-2013-4921)
DCOM ISystemActivator (CVE-2013-4922, CVE-2013-4923, CVE-2013-4924, CVE-2013-4925, CVE-2013-4926)
Bluetooth OBEX (CVE-2013-4928)
PROFINET (CVE-2013-4936)

Several other bugs have been fixed. A complete list for version 1.8.9 is available here and version 1.10.1 is available here.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

