The version of Wireshark installed on the remote Windows host is prior to 3.2.18. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.2.18 advisory.

  - The Bluetooth DHT dissector could crash. It may be possible to make Wireshark crash by injecting a     malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
    (CVE-2021-39929)

  - The Bluetooth SDP dissector could crash. It may be possible to make Wireshark crash by injecting a     malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
    (CVE-2021-39925)

  - The Bluetooth DHT dissector could go into a large loop It may be possible to make Wireshark consume     excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a     malformed packet trace file. (CVE-2021-39924)

  - The C12.22 dissector could crash. It may be possible to make Wireshark crash by injecting a malformed     packet onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2021-39922)

  - The IEEE 802.11 dissector could crash. It may be possible to make Wireshark crash by injecting a malformed     packet onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2021-39928)

  - The Modbuss dissector could crash. It may be possible to make Wireshark crash by injecting a malformed     packet onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2021-39921)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Wireshark 3.2.x < 3.2.18 Multiple Vulnerabilities

high Nessus Plugin ID 155571

Version 1.7