Security update: DoS vulnerabilities in network analysis tool Wireshark closed
In the current version of Wireshark, the developers have closed three security gaps and fixed several bugs.
Examination of the systems for anomalies
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Anyone analyzing data traffic in networks with Wireshark should update the tool promptly for security reasons. In the current release, the developers have closed a total of three vulnerabilities.
Security patch available
The threat level of the vulnerabilities (CVE-2024-4853, CVE-2024-4854, CVE-2024-4855) has not yet been classified. An article on the repaired Wireshark version 4.2.5 states that these are DoS vulnerabilities. Attackers should be able to crash the tool with a prepared file. It is currently unclear how this could happen in detail.
Videos by heise
The developers have also fixed several bugs. Among other things, errors in SSH decryption in the context of elliptic curves have been corrected.
(des)
