Saturday, April 13, 2024

Wireshark 4.0.6 Released – Fix for 9 vulnerabilities

Wireshark is a free and open-source network packet analyzer used by people worldwide. It has a wide range of uses when it comes to packet analysis.

The original name of Wireshark is “Ethreal” released by Gerald Combs in late 1997.

With the current release, the latest version of Wireshark is 4.0.6. However, as stated by Wireshark, the official 32-bit Windows packages are no longer shipped.

For users who wish to use Wireshark in 32-bit Windows, it is recommended to go with the latest 3.6 release.

Vulnerabilities Fixed in Wireshark 4.0.6

Wireshark has fixed 9 existing vulnerabilities in the new release.

An attacker can exploit this vulnerability by sending a specially crafted payload file. When opened by Wireshark, this file can crash the application and result in potential code execution. 

  • CVE-2023-2857 – Heap buffer overflow vulnerability in BLF reader

An attacker can exploit this vulnerability by sending a maliciously crafted BLF file that affects the blf_pull_logcontainer_into_memory() function. This can result in arbitrary code execution. 

  • GDSDB dissector infinite loop

An attacker can exploit this vulnerability by sending a malicious packet which results in excessive CPU resource usage by Wireshark,

  • CVE-2023-2858 – Heap Buffer Overflow in nstrace_read_v10 Function

An attacker can exploit this vulnerability by sending a malicious packet file that executes an arbitrary code or results in a DoS for Wireshark that crashes the application.

  • CVE-2023-2856 – Stack Buffer Overflow in parse_vms_packet Function

An attacker can exploit this vulnerability by sending a malicious file to wireshark that is read by the parse_vms_packet function resulting in the crash of Wireshark. Alternatively, it can also result in arbitrary code.

  • CVE-2023-2854 – Heap Buffer Overflow blf_read_apptextmessage Function

This vulnerability exists in the blf_read_apptextmessage function of the Wireshark BLF plugin, which can be exploited by sending a crafted string resulting in arbitrary code execution.

The RTPS (Real-Time Publish-Subscribe) packet in the Wireshark version 4.0.5 and earlier does not validate the length in the rtps_util_add_type_library_type.

An attacker can exploit this by sending a large file to this function resulting in a heap buffer overflow vulnerability that can also lead to code execution.

The global buffer conf_phasor_type has an out-of-bounds read capability that does not validate the length of the IEEE-C37.118 packet sent by an attacker, resulting in a heap-based buffer overflow and can lead to arbitrary code execution.

  • XRA dissector infinite loop

An attacker can exploit this vulnerability by sending a malicious packet which, when read by Wireshark, can result in a crash of the application.

Along with these vulnerabilities, several bugs in the Wireshark application have also been fixed in the recent release. 

Protocol update

In addition to these bugs and vulnerability fixes, Wireshark has also added some protocol support. The current version supports protocols like,

  • batadv
  • BFCP
  • CommunityID
  • COSE
  • H.265
  • HTTP
  • ILP
  • NNTP
  • NR RRC
  • QUIC
  • RTPS
  • Synphasor
  • TCP
  • UDS
  • ULP
  • and XRA

For more information on the release, visit the Wireshark 4.0.6 release notes page.

Shut Down Phishing Attacks with Device Posture Security – Download Free E-Book


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles