{"vuid":"VU#215900","idnumber":"215900","name":"Wireshark 6LoWPAN denial of service vulnerability","keywords":[""],"overview":"Wireshark will crash on 32-bit systems while reading a malformed 6LoWPAN packet.","clean_desc":"Paul Makowski's report states: dissect_6lowpan_iphc() in /epan/dissectors/packet-6lowpan.c trusts user supplied data when incrementing 'offset'. It is possible for the user to increment 'offset' to a value greater than tvb->length and/or tvb->reported_length, forcing the dissector to attempt dissection out of bounds. If 'offset' is greater than tvb->length or tvb->reported_length, then tvb_length_remaining() or tvb_reported_length_remaining() will return -1 respectively. If tvb_length_remaining() returns -1, then a buffer is allocated 1 byte too short, leading to a partial overwrite of the heap canary.","impact":"An attacker may trigger a denial of service, causing any active capture or .pcap dissection to crash Wireshark/tshark.","resolution":"Apply an Update\nUpgrade to Wireshark 1.4.4.\nSeveral other security related fixes are also included in this version.","workarounds":"","sysaffected":"","thanks":"Thanks to Paul Makowski working for CERT/CC for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5722","http://www.wireshark.org/security/wnpa-sec-2011-04.html","http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html","http://www.wireshark.org/download.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-03-02T01:51:35Z","publicdate":"2011-03-02T00:00:00Z","datefirstpublished":"2011-03-02T14:48:23Z","dateupdated":"2011-03-29T12:58:20Z","revision":17,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"14","cam_population":"10","cam_impact":"3","cam_easeofexploitation":"9","cam_attackeraccessrequired":"10","cam_scorecurrent":"1.468125","cam_scorecurrentwidelyknown":"1.72125","cam_scorecurrentwidelyknownexploited":"2.73375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.468125,"vulnote":null}