Wireshark has patched three vulnerabilities that could allow an unauthenticated, remote attacker to crash vulnerable installations.
In a further reason to patch as quickly as possible, proof-of-concept (PoC) code that demonstrates an exploit of each of the vulnerabilities is publicly available, said researchers at Cisco.
Wireshark is the world’s most popular network protocol analyzer. The software is free and open source.
The vulnerabilities – CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058 – affect three components of Wireshark: the Bluetooth Attribute Protocol (ATT) dissector, the Radiotap dissector, and the Audio/Video Distribution Transport Protocol (AVDTP) dissector.
An attacker can exploit the vulnerabilities by injecting a malformed packet into a network, to be processed by the affected application, or by convincing a targeted user to open a malicious packet trace file.
Wireshark users should upgrade to one of the fixed versions: 2.6.3, 2.4.9, or 2.2.17.
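To find hosts that still need the upgrade, the following added example (not code from Wireshark or Cisco) classifies version banners against the three fixed releases named above. It assumes that a release on the same 2.x branch with a lower patch number still needs the upgrade; the host names, banner strings and the `audit` helper are constructed for illustration.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release branch.
FIXED = {(2, 6): (2, 6, 3), (2, 4): (2, 4, 9), (2, 2): (2, 2, 17)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first x.y.z version in a banner as an int tuple, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Map a version banner to 'fixed', 'upgrade', 'unknown-branch' or 'unparsed'."""
    version = parse_version(banner)
    if version is None:
        return "unparsed"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The article lists no fixed release for this branch, so do not guess.
        return "unknown-branch"
    # Tuples compare numerically, so 2.2.9 sorts below 2.2.17
    # (a plain string comparison would get this wrong).
    return "fixed" if version >= fixed else "upgrade"


def audit(inventory):
    """Classify every host in a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed inventory: banners as collected from each host's tshark/wireshark
# version output (sample data, not real hosts).
SAMPLE_INVENTORY = {
    "analyst-01": "TShark (Wireshark) 2.6.2",
    "analyst-02": "TShark (Wireshark) 2.6.3",
    "sensor-01": "Wireshark 2.4.9",
    "sensor-02": "Wireshark 2.2.9",
    "lab-01": "Wireshark 2.2.17",
    "lab-02": "Wireshark 3.0.0",
    "lab-03": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Hosts reported as `unknown-branch` or `unparsed` need a manual check against the vendor advisory, since the article gives no fixed release for them.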
Cisco also advises users to use firewalls and antivirus apps to minimize the potential for inbound and outbound threats, and to allow only trusted users to have network access and only trusted systems to access the affected systems.