wnpa-sec-2010-12 · ASN.1 BER vulnerability in Wireshark


Name: ASN.1 BER vulnerability in Wireshark

Docid: wnpa-sec-2010-12

Date: October 11, 2010

Affected versions: {{ start_version }}

Fixed versions: 1.4.1

Related: wnpa-sec-2010-11 (ASN.1 BER vulnerability in Wireshark version 1.2.0 to 1.2.11 )



Wireshark 1.4.1 fixes the following vulnerability:

  • The Penetration Test Team of NCNIPC (China) discovered that the ASN.1 BER dissector was susceptible to a stack overflow. (Bug 5230) Versions affected: All previous versions up to and including 1.2.11 and 1.4.0. CVE-2010-3445


It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.


Upgrade to Wireshark 1.4.1 or later. Due to the nature of these bugs we do not recommend trying to work around the problem by disabling dissectors.