wnpa-sec-2010-07 · Vulnerabilities in Wireshark


Name: Vulnerabilities in Wireshark

Docid: wnpa-sec-2010-07

Date: July 29, 2010

Affected versions: {{ start_version }} up to and including {{ end_version }}

Fixed versions: 1.0.15

Related: wnpa-sec-2010-08 (Multiple vulnerbilities in Wireshark version 1.2.0 to 1.2.9 )



Wireshark 1.0.15 fixes the following vulnerabilities:

  • The SigComp Universal Decompressor Virtual Machine could overrun a buffer. (Bug 4867)
    Versions affected: 0.10.8 to 1.0.14, 1.2.0 to 1.2.9
  • Due to a regression the ASN.1 BER dissector could exhaust stack memory. (Bug 4984)
    Versions affected: 0.10.13 to 1.0.14, 1.2.0 to 1.2.9


It may be possible to make Wireshark crash, hang, or execute code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.


Upgrade to Wireshark 1.0.15 or later. Due to the nature of these bugs we do not recommend trying to work around the problem by disabling dissectors.