Researchers have reported a vulnerability in Wireshark, the widely used network protocol analyzer and troubleshooting tool. According to the report, the flaw allows an attacker to cause a denial of service (DoS) condition on the affected system.
Below is a brief description of the reported flaw, in addition to its tracking key and score according to the Common Vulnerability Scoring System (CVSS).
CVE-2020-17498: The flaw is a memory-handling error in the Kafka protocol dissector. Specially crafted Kafka data triggers a double free while the dissector decompresses LZ4-compressed message data, crashing the application and producing the DoS condition.
The vulnerability is rated medium severity, with a CVSS base score of 6.5/10.
The Wireshark versions affected by this DoS flaw are 3.2.0 through 3.2.5 (3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4 and 3.2.5).
The flaw can be triggered remotely and without authentication: an attacker only needs to inject a crafted Kafka packet onto a network segment that Wireshark is capturing, or persuade a user to open a capture file containing one. No active exploitation attempts and no malware exploiting this flaw have been detected so far.
Wireshark acknowledged the issue on receiving the report, and a fixed release (3.2.6) is available. Users of vulnerable versions are recommended to update as soon as possible.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as a cyber security investigator and has also worked for different security companies. His everyday job includes researching new cyber security incidents. He also has deep knowledge of enterprise security implementation.