Friday, July 19, 2024

Wireshark 4.0.6 Released – Fix for 9 vulnerabilities

Wireshark is a free and open-source network packet analyzer used by people worldwide. It has a wide range of uses when it comes to packet analysis.

The original name of Wireshark is “Ethreal” released by Gerald Combs in late 1997.

With the current release, the latest version of Wireshark is 4.0.6. However, as stated by Wireshark, the official 32-bit Windows packages are no longer shipped.

For users who wish to use Wireshark in 32-bit Windows, it is recommended to go with the latest 3.6 release.

Vulnerabilities Fixed in Wireshark 4.0.6

Wireshark has fixed 9 existing vulnerabilities in the new release.

An attacker can exploit this vulnerability by sending a specially crafted payload file. When opened by Wireshark, this file can crash the application and result in potential code execution. 

  • CVE-2023-2857 – Heap buffer overflow vulnerability in BLF reader

An attacker can exploit this vulnerability by sending a maliciously crafted BLF file that affects the blf_pull_logcontainer_into_memory() function. This can result in arbitrary code execution. 

  • GDSDB dissector infinite loop

An attacker can exploit this vulnerability by sending a malicious packet which results in excessive CPU resource usage by Wireshark,

  • CVE-2023-2858 – Heap Buffer Overflow in nstrace_read_v10 Function

An attacker can exploit this vulnerability by sending a malicious packet file that executes an arbitrary code or results in a DoS for Wireshark that crashes the application.

  • CVE-2023-2856 – Stack Buffer Overflow in parse_vms_packet Function

An attacker can exploit this vulnerability by sending a malicious file to wireshark that is read by the parse_vms_packet function resulting in the crash of Wireshark. Alternatively, it can also result in arbitrary code.

  • CVE-2023-2854 – Heap Buffer Overflow blf_read_apptextmessage Function

This vulnerability exists in the blf_read_apptextmessage function of the Wireshark BLF plugin, which can be exploited by sending a crafted string resulting in arbitrary code execution.

The RTPS (Real-Time Publish-Subscribe) packet in the Wireshark version 4.0.5 and earlier does not validate the length in the rtps_util_add_type_library_type.

An attacker can exploit this by sending a large file to this function resulting in a heap buffer overflow vulnerability that can also lead to code execution.

The global buffer conf_phasor_type has an out-of-bounds read capability that does not validate the length of the IEEE-C37.118 packet sent by an attacker, resulting in a heap-based buffer overflow and can lead to arbitrary code execution.

  • XRA dissector infinite loop

An attacker can exploit this vulnerability by sending a malicious packet which, when read by Wireshark, can result in a crash of the application.

Along with these vulnerabilities, several bugs in the Wireshark application have also been fixed in the recent release. 

Protocol update

In addition to these bugs and vulnerability fixes, Wireshark has also added some protocol support. The current version supports protocols like,

  • batadv
  • BFCP
  • CommunityID
  • COSE
  • H.265
  • HTTP
  • ILP
  • NNTP
  • NR RRC
  • QUIC
  • RTPS
  • Synphasor
  • TCP
  • UDS
  • ULP
  • and XRA

For more information on the release, visit the Wireshark 4.0.6 release notes page.

Shut Down Phishing Attacks with Device Posture Security – Download Free E-Book


Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles