The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "1.10.6-1", "binary_name": "libwireshark-data" }, { "binary_version": "1.10.6-1", "binary_name": "libwireshark-dev" }, { "binary_version": "1.10.6-1", "binary_name": "libwireshark3" }, { "binary_version": "1.10.6-1", "binary_name": "libwiretap-dev" }, { "binary_version": "1.10.6-1", "binary_name": "libwiretap3" }, { "binary_version": "1.10.6-1", "binary_name": "libwsutil-dev" }, { "binary_version": "1.10.6-1", "binary_name": "libwsutil3" }, { "binary_version": "1.10.6-1", "binary_name": "tshark" }, { "binary_version": "1.10.6-1", "binary_name": "wireshark" }, { "binary_version": "1.10.6-1", "binary_name": "wireshark-common" }, { "binary_version": "1.10.6-1", "binary_name": "wireshark-dbg" }, { "binary_version": "1.10.6-1", "binary_name": "wireshark-dev" }, { "binary_version": "1.10.6-1", "binary_name": "wireshark-doc" } ] }