wnpa-sec-2010-12 · ASN.1 BER vulnerability in Wireshark


Name: ASN.1 BER vulnerability in Wireshark

Docid: wnpa-sec-2010-12

Date: October 11, 2010

Affected versions: 1.4.0

Fixed versions: 1.4.1



Wireshark 1.4.1 fixes the following vulnerability:

  • The Penetration Test Team of NCNIPC (China) discovered that the ASN.1 BER dissector was susceptible to a stack overflow. (Bug 5230) Versions affected: All previous versions up to and including 1.2.11 and 1.4.0. CVE-2010-3445


It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.


Upgrade to Wireshark 1.4.1 or later. Due to the nature of these bugs we do not recommend trying to work around the problem by disabling dissectors.