{"vuid":"VU#723736","idnumber":"723736","name":"Wireshark contains an unspecified vulnerability in the XOT dissector","keywords":["Wireshark","DoS","denial of service","XOT dissector","epan/dissectors/packet-xot.c"],"overview":"Wireshark contains a vulnerability in the XOT dissector that may cause the application to crash.","clean_desc":"Wireshark contains a vulnerability in the XOT dissector that may allow the application to allocate a large amount of memory and cause the application to crash. This vulnerability may be exploited when a remote attacker sends a specially crafted, malformed packet or by convincing the user to read a malformed packet trace file. Wireshark states that Wireshark version 0.99.3 is affected by this vulnerability. Note: Ethereal has changed its name to Wireshark.","impact":"A remote attacker may be able to cause a denial-of-service condition.","resolution":"Update\nWireshark has released an updated product version (Wireshark 0.99.4).","workarounds":"Workaround Wireshark provides a workaround in security document wnpa-sec-2006-03.","sysaffected":"","thanks":"This vulnerability was reported in Wireshark document\n wnpa-sec-2006-03","author":"This document was written by Katie Steiner.","public":["http://www.wireshark.org/security/wnpa-sec-2006-03.html","http://www.securityfocus.com/bid/20762","http://secunia.com/advisories/22590","http://secunia.com/advisories/22659/","http://secunia.com/advisories/22672/","http://secunia.com/advisories/22692/","http://secunia.com/advisories/22797/","http://secunia.com/advisories/22841/","http://secunia.com/advisories/22929/"],"cveids":["CVE-2006-4805"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-11-01T16:23:16Z","publicdate":"2006-10-27T00:00:00Z","datefirstpublished":"2006-11-30T21:26:56Z","dateupdated":"2006-12-20T15:37:01Z","revision":18,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}