Wireshark exists serious vulnerability that cause system to crashes

According to reports, the Wireshark team has patched a number of serious vulnerabilities that could be exploited to force system crashes and DoS.

In the analysis report provided by Cisco, it stated that the three vulnerabilities CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058 are likely to run versions 2.6.0 to 2.6.2, 2.4.0 to 2.4. Users of .8 and 2.2.0 to 2.2.16 Wireshark cause serious interference. The first vulnerability, CVE-2018-16056, is a vulnerability in Wireshark’s Bluetooth Attribute Protocol (ATT) parser component. Wireshark’s epan/dissectors/packet-btatt.c source code file does not verify the existence of a specific Universally Unique Identifier (UUID) resolver, allowing unauthenticated remote attackers to send elaborate packets to the network. This causes the component to crash. In addition, an attacker can trick a user into opening a malformed packet, which can have the same consequences.

The second vulnerability, CVE-2018-16057, is a security vulnerability in Wireshark’s Radiotap parser component. There are not enough binding checks in the component’s source file, which can be exploited by using malformed packets, which can be exploited by unauthenticated remote attackers to cause DoS on the target system.

Another vulnerability, CVE-2018-16058, was found in the Wireshark Audio/Video Distribution Transport Protocol (AVDTP) parser. The epan/dissectors/packet-btavdtp.c source code file incorrectly initializes the data structure, causing malicious packets to take advantage of the system and cause a system crash.

Proof of Concept (PoC) code has been released to the public to demonstrate how to exploit these security vulnerabilities.

The Wireshark team acknowledged the existence of these security vulnerabilities and has released a software update to resolve the issue. Wireshark users should update their software version to version 2.6.3, 2.4.9, 2.2.17 or higher to protect themselves from the risk of exploits.