wnpa-sec-2010-12 · ASN.1 BER vulnerability in Wireshark
Name: ASN.1 BER vulnerability in Wireshark
Date: October 11, 2010
Affected versions: 1.4.0
Fixed versions: 1.4.1
Wireshark 1.4.1 fixes the following vulnerability:
The Penetration Test Team of NCNIPC (China) discovered that the
ASN.1 BER dissector was susceptible to a stack overflow.
(Bug 5230)
Versions affected: All previous versions up to and including 1.2.11 and 1.4.0.
CVE-2010-3445
It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
Upgrade to Wireshark 1.4.1 or later. Due to the nature of these bugs we do not recommend trying to work around the problem by disabling dissectors.