ASN.1 BER Dissector Crash Vulnerability in Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15

ASN.1 BER Dissector Crash Vulnerability in Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15

CVE-2018-14343 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.

Learn more about our Web Application Penetration Testing UK.