๐ Wireshark 1.8.0 up to 1.8.7 Assa Abloy R3 Dissector packet-assa_r3.c dissect_r3_upstreamcommand_queryconfig Zero-Length Item memory corruption
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vuldb.com
A vulnerability was found in Wireshark 1.8.0 up to 1.8.7 (Packet Analyzer Software). It has been declared as critical. Affected by this vulnerability is the function dissect_r3_upstreamcommand_queryconfig
of the file packet-assa_r3.c of the component Assa Abloy R3 Dissector. Upgrading to version 1.8.8 eliminates this vulnerability. The upgrade is hosted for download at wireshark.org. Applying a patch is able to eliminate this problem. The bugfix is ready for download at anonsvn.wireshark.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 4 days after the disclosure of the vulnerability. ...