We're now a non-profit! Support open source packet analysis by making a donation.

wnpa-sec-2023-29 · NetScreen file parser crash

Summary

Name: NetScreen file parser crash

Docid: wnpa-sec-2023-29

Date: November 15, 2023

Affected versions: 4.0.0 to 4.0.x, 3.6.0 to 3.6.x

Fixed versions: 4.0.x, 3.6.x

References:

Wireshark issue 19404.

Details

Description

The NetScreen file parser could crash. Discovered by Anonymous working with Trend Micro Zero Day Initiative

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.0.x, 3.6.x or later.