This script is Copyright (C) 2017 Tenable Network Security, Inc.
Synopsis :
An application installed on the remote Windows host is affected by
multiple denial of service vulnerabilities.
Description :
The version of Wireshark installed on the remote Windows host is 2.0.x
prior to 2.0.10 or 2.2.x prior to 2.2.4. It is, therefore, affected by
multiple denial of service vulnerabilities :
- A denial of service vulnerability exists when handling
DHCPv6 packets due to an integer overflow condition in
file epan/dissectors/packet-dhcpv6.c. An
unauthenticated, remote attacker can exploit this to
cause the program to enter a large loop that consumes
excessive CPU resources. (VulnDB 150784)
- A denial of service vulnerability exists in the
asterix_fspec_len() function within file
epan/dissectors/packet-asterix.c due to an infinite loop
flaw that is triggered because certain input is
improperly validated. An unauthenticated, remote
attacker can exploit this to consume excessive CPU
resources. (VulnDB 150785)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
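The version-only check described in the note above can be reproduced over a software inventory. The following is an added example, not the Nessus plugin's own code; the host names and version strings are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed release for each affected branch, as stated in the advisory text.
FIXED = {(2, 0): (2, 0, 10), (2, 2): (2, 2, 4)}

def parse_version(text):
    """Extract (major, minor, patch) from a self-reported version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def assess(text):
    """Return 'vulnerable', 'fixed', 'out-of-scope' or 'unparsed'."""
    ver = parse_version(text)
    if ver is None:
        return "unparsed"          # nothing to compare; needs manual review
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return "out-of-scope"      # branch not covered by this advisory
    # Compare integer tuples. Comparing the raw strings would rank
    # "2.0.9" above "2.0.10" and report a vulnerable host as fixed.
    return "vulnerable" if ver < fixed else "fixed"

def vulnerable_hosts(inventory):
    """Return the hosts whose reported version falls in an affected range."""
    return [host for host, ver in inventory if assess(ver) == "vulnerable"]

# Constructed inventory: (host, self-reported Wireshark version).
INVENTORY = [
    ("ws-lab-01", "2.0.9"),
    ("ws-lab-02", "2.0.10"),
    ("ws-lab-03", "2.2.3"),
    ("ws-lab-04", "2.2.4"),
    ("ws-lab-05", "2.4.0"),
    ("ws-lab-06", "Wireshark 2.2.3"),
    ("ws-lab-07", "unknown"),
]

if __name__ == "__main__":
    for host, ver in INVENTORY:
        print(f"{host:10} {ver:18} {assess(ver)}")
```

Like the check it mirrors, this trusts the reported version and does not confirm that the affected dissectors are reachable on a given host.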
See also :
Solution :
Upgrade to Wireshark version 2.0.10 / 2.2.4 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true