wnpa-sec-2009-09 · Multiple vulnerabilities in Wireshark


Name: Multiple vulnerabilities in Wireshark

Docid: wnpa-sec-2009-09

Date: December 17, 2009

Affected versions: {{ start_version }} up to and including {{ end_version }}

Fixed versions: 1.2.5



Wireshark 1.2.5 fixes the following vulnerabilities:

  • The Daintree SNA file parser could overflow a buffer. (Bug 4294)
    Versions affected: 1.2.0 to 1.2.4 CVE-2009-4376
  • The SMB and SMB2 dissectors could crash. (Bug 4301)
    Versions affected: 0.9.0 to 1.2.4 CVE-2009-4377
  • The IPMI dissector could crash on Windows. (Bug 4319)
    Versions affected: 1.2.0 to 1.2.4 CVE-2009-4378


It may be possible to make Wireshark crash remotely or by convincing someone to read a malformed packet trace file.


Upgrade to Wireshark 1.2.5 or later. Due to the nature of the Daintree SNA vulnerability, there is no workaround.

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE $29.95/yr
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
  • • Fully integrated with Wireshark and AirPcap™
Buy $29.95 Annual Subscription Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ NetShark appliance
  • • Troubleshoot problems faster
  • • Quickly identify the applications running on your network
  • • Monitor your virtual machine traffic
Learn More

I need to capture wireless traffic...

ANSWER: AirPcap™ 802.11 Packet Capture
  • • WLAN packet capture and transmission
  • • Full 802.11 a/b/g/n support
  • • View management, control and data frames
  • • Multi-channel aggregation (with multiple adapters)
Learn More Buy Now