Evan Jensen

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.8.x through 1.8.6 **Description** The issue is related to the use of incorrect integer data types in the DCP ETSI dissector, which can be exploited by remote attackers to cause a denial of service. This can be achieved by sending a malformed packet, resulting in an integer overflow, heap memory corruption, or a NULL pointer dereference, ultimately leading to an application crash. **Recommendations** For Wireshark versions 1.8.x through 1.8.6, update to version 1.8.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the DCP ETSI dissector until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.8.0 through 1.8.5 **Description** The issue is related to the `dissect diagnosticrequest` function in the REsource LOcation And Discovery (RELOAD) dissector, which uses an incorrect integer data type. This allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. **Recommendations** For Wireshark versions 1.8.0 through 1.8.5, update to version 1.8.6 or later to resolve the issue.