wnpa-sec-2010-08 · Multiple vulnerabilities in Wireshark


Name: Multiple vulnerabilities in Wireshark

Docid: wnpa-sec-2010-08

Date: July 29, 2010

Affected versions: 1.2.0 up to and including 1.2.9

Fixed versions: 1.2.10



Wireshark 1.2.10 fixes the following vulnerabilities:

  • The SigComp Universal Decompressor Virtual Machine could overrun a buffer. (Bug 4867)
    Versions affected: 0.10.8 to 1.0.14, 1.2.0 to 1.2.9
  • Due to a regression, the ASN.1 BER dissector could exhaust stack memory. (Bug 4984)
    Versions affected: 0.10.13 to 1.0.14, 1.2.0 to 1.2.9
  • The GSM A RR dissector could crash. (Bug 4897)
    Versions affected: 1.2.2 to 1.2.9
    CVE-2010-2992
  • The IPMI dissector could go into an infinite loop. (Bug 5053)
    Versions affected: 1.2.0 to 1.2.9
    CVE-2010-2993


It may be possible to make Wireshark crash, hang, or execute code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.


Upgrade to Wireshark 1.2.10 or later. Due to the nature of these bugs, we do not recommend trying to work around the problem by disabling dissectors.
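
A version check against the ranges listed above, as an added example that is not part of the original advisory; the hostnames and version strings in the inventory are constructed. It compares versions numerically, because a plain string comparison sorts 1.2.10 below 1.2.9 and would flag the fixed release as affected.

```python
import re

# Affected ranges copied from this advisory (inclusive bounds).
ADVISORY = {
    "Bug 4867": [((0, 10, 8), (1, 0, 14)), ((1, 2, 0), (1, 2, 9))],   # SigComp UDVM
    "Bug 4984": [((0, 10, 13), (1, 0, 14)), ((1, 2, 0), (1, 2, 9))],  # ASN.1 BER
    "Bug 4897": [((1, 2, 2), (1, 2, 9))],                              # GSM A RR
    "Bug 5053": [((1, 2, 0), (1, 2, 9))],                              # IPMI
}

# Constructed sample inventory: hostnames and version strings are made up.
INVENTORY = {
    "sniffer-01": "TShark 1.2.9",
    "sniffer-02": "TShark 1.2.10",
    "lab-07": "wireshark 1.0.14",
    "lab-09": "wireshark 1.2.1",
}


def parse_version(text):
    """Return the first x.y.z version found in text as a tuple of ints, or None."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None


def applicable_bugs(version_text):
    """List the advisory entries whose affected range contains this version."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no x.y.z version found in {version_text!r}")
    # Tuple comparison is numeric per component, so (1, 2, 10) > (1, 2, 9).
    return [bug for bug, ranges in ADVISORY.items()
            if any(lo <= v <= hi for lo, hi in ranges)]


def triage(inventory):
    """Map each host to the advisory entries that apply to its version."""
    return {host: applicable_bugs(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, bugs in triage(INVENTORY).items():
        print(f"{host}: {', '.join(bugs) if bugs else 'not in any listed range'}")
```
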