| VID |
50415 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Wireshark installed on the remote Windows host is prior to 3.6.20. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.6.20 advisory.
- GVCP dissector crash in Wireshark 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file (CVE-2024-0208)
- IEEE 1609.2 dissector crash in Wireshark 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file (CVE-2024-0209)
* References:
  - https://www.wireshark.org/docs/relnotes/wireshark-3.6.20.html
  - https://gitlab.com/wireshark/wireshark/-/issues/19496
  - https://www.wireshark.org/security/wnpa-sec-2024-01
  - https://gitlab.com/wireshark/wireshark/-/issues/19501
  - https://www.wireshark.org/security/wnpa-sec-2024-02
* Platforms Affected:
  - Wireshark versions 3.6.x prior to 3.6.20
  - Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Wireshark (3.6.20 or later), available from the Wireshark.org website at http://www.wireshark.org/download/win32/all-versions/ |
| Related URL |
CVE-2024-0208,CVE-2024-0209 (CVE) |
|