The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Wireshark: denial of service via WASSP Dissector

Synthesis of the vulnerability 

An attacker can trigger a fatal error via WASSP Dissector of Wireshark, in order to trigger a denial of service.
Impacted software: openSUSE Leap, Solaris, SLES, Wireshark.
Severity of this computer vulnerability: 2/4.
Creation date: 16/01/2020.
Références of this announce: CERTFR-2020-AVI-041, CVE-2020-7044, openSUSE-SU-2020:0362-1, SUSE-SU-2020:0693-1, VIGILANCE-VUL-31348, wnpa-sec-2020-01.

Description of the vulnerability 

An attacker can trigger a fatal error via WASSP Dissector of Wireshark, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity vulnerability impacts software or systems such as openSUSE Leap, Solaris, SLES, Wireshark.

Our Vigil@nce team determined that the severity of this vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of intranet client.

An attacker with a expert ability can exploit this weakness alert.

Solutions for this threat 

Wireshark: version 3.2.1.
The version 3.2.1 is fixed:
  https://www.wireshark.org/download.html

openSUSE Leap 15.1: new wireshark packages.
New packages are available:
  openSUSE Leap 15.1: wireshark 3.2.2-lp151.2.9.1

Oracle Solaris: patch for third party software of Januray 2020 v2.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 15: new wireshark packages.
New packages are available:
  SUSE LE 15 RTM: wireshark 3.2.2-3.35.2
  SUSE LE 15 SP1: wireshark 3.2.2-3.35.2
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides network vulnerability alerts. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.