Wireshark 1.2.14 fixes the following vulnerabilities:

• FRAsse discovered that the MAC-LTE dissector could overflow a buffer. (Bug 5530) Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2. CVE-2011-0444
• FRAsse discovered that the ENTTEC dissector could overflow a buffer. (Bug 5539) Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2. CVE-2010-4538

Impact

It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.2.14 or later.

If are running Wireshark {{ end_version }} or earlier (including Ethereal) and cannot upgrade, you can work around each of the problems listed above by doing the following:

• Disable the ENTTEC and MAC-LTE dissectors:
  • Select Analyze→Enabled Protocols... from the menu.
  • Make sure "ENTTEC" and "MAC-LTE" are un-checked.
  • Click "Save", then click "OK".