A report of penetration testing services experts has revealed a vulnerability in Wireshark, the protocol analyzer used for the inspection and resolution of multiple problems in communications networks. Successful exploitation of this flaw would allow remote hackers to launch denial of service (DoS) attacks.
Below is a brief description of the reported flaw, in addition to its respective score and tracking key according to the Common Vulnerability Scoring System (CVSS).
The vulnerability, tracked as CVE-2020-15466, exists due to an infinite loop within the GVCP dissector, allowing remote threat actors to deploy DoS attacks. A malicious hacker can pass a specially designed package tracking file to the vulnerable application, which will consume all system resources, leading to the DoS condition.
The fault, considered of average severity, received a score of 5.7/10 and resides in the following versions of Wireshark: 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4.
Although the flaw can be exploited remotely by unauthenticated hackers over the Internet, penetration testing services specialists have not yet detected active exploit attempts. The first scans also do not report the finding of some malware variant associated with this attack.
Wireshark developers have already released a fix for versions affected by this failure, so users of affected deployments should only verify their correct installation. There is no workaround to fix this vulnerability, so users will need to install an updated version to mitigate the risk of exploitation.
For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.