Dario Lombardo

**Name of the Vulnerable Software and Affected Versions** Wireshark version 3.0.0 **Description** The issue is related to the GSUP dissector in Wireshark, which could enter an infinite loop due to an invalid Information Element length. This is a resource management error that can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Wireshark version 3.0.0, update the GSUP dissector to reject invalid Information Element lengths, as addressed in epan/dissectors/packet-gsm gsup.c.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.4.0 through 2.4.12 Wireshark versions 2.6.0 through 2.6.6 **Description** The issue is related to the RPCAP dissector in Wireshark, which could crash due to a NULL conversation dereference. This could potentially allow a remote attacker to cause a denial of service using a specially crafted packet or packet capture file. **Recommendations** For Wireshark versions 2.4.0 through 2.4.12, update to a version where the issue is fixed by avoiding the attempted dereference of a NULL conversation in epan/dissectors/packet-rpcap.c. For Wireshark versions 2.6.0 through 2.6.6, update to a version where the issue is fixed by avoiding the attempted dereference of a NULL conversation in epan/dissectors/packet-rpcap.c. As a temporary workaround, consider disabling the RPCAP dissector until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.4.0 through 2.4.15 Wireshark versions 2.6.0 through 2.6.9 Wireshark versions 3.0.0 through 3.0.2 **Description** The issue is related to the ASN.1 BER dissector and related dissectors in Wireshark, which could crash due to a buffer overflow. This could allow a remote attacker to cause a denial of service. The problem was addressed by properly restricting buffer increments in the epan/asn1.c file. **Recommendations** For Wireshark versions 2.4.0 through 2.4.15, update to a version that includes the fix for the buffer overflow issue in the ASN.1 BER dissector. For Wireshark versions 2.6.0 through 2.6.9, update to a version that includes the fix for the buffer overflow issue in the ASN.1 BER dissector. For Wireshark versions 3.0.0 through 3.0.2, update to a version that includes the fix for the buffer overflow issue in the ASN.1 BER dissector.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.7 **Description** The issue is related to the pcapng parser in Wireshark, where the pcapng read if descr block function uses too many levels of pointer indirection. This allows remote attackers to cause a denial of service, resulting in an incorrect free and application crash, via a crafted packet that triggers interface-filter copying. The problem can also be described as a remote code execution vulnerability due to an arbitrary free in the PCAPNG if filter. A malformed packet can cause a denial of service. **Recommendations** For Wireshark versions 1.12.x through 1.12.7, update to version 1.12.8 or later to resolve the issue. As a temporary workaround, consider disabling the pcapng file parser until a patch is available. Restrict access to crafted packets to minimize the risk of exploitation.