Perform a DoS attack remotely targeting Wireshark users with this flaw

Researchers have reported a critical vulnerability in Wireshark, a network protocol analyzer used for troubleshooting communications networks. According to the report, the flaw would allow an attacker to cause a denial of service (DoS) condition on the affected system.

Below is a brief description of the reported flaw, along with its tracking identifier and its score under the Common Vulnerability Scoring System (CVSS).

CVE-2020-17498: The flaw exists due to a boundary error in the Kafka dissector, which would allow threat actors to pass specially crafted data that triggers a double free and crashes the application, producing the DoS condition.

This is a medium severity vulnerability that received a score of 6.5/10.

The Wireshark versions affected by this DoS flaw are: 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5.

While the flaw could be exploited by an unauthenticated remote attacker sending specially crafted requests to the vulnerable application, no attempts at active exploitation or malware variants related to the attack have yet been detected.

Wireshark acknowledged the issue upon receiving the report, and updates are now available. Users of vulnerable versions of the software are advised to update as soon as possible.