The popular network analysis tool Wireshark has been found to have several security vulnerabilities that can be exploited by attackers. The consequences of an attack are that the tool crashes. The developers of the tool have released a statement informing users that they have fixed a total of nine security holes in versions 4.0.6 and 3.6.14. The attackers can exploit the vulnerabilities by using prepared packages in components such as Candump Log File Parser (CVE-2023-2855 “high”) and BLF File Parser (CVE-2023-2857 “high”) to cause the crashes.
Apart from fixing the security holes, the developers of Wireshark have also addressed various bugs that the tool had previously. Improvements have been made when saving capture data. Also, protocols such as HTTP have seen updates. This shows that the developers are actively working on the tool and updating it to ensure it remains safe and secure for users.
It is important for users of the Wireshark network analysis tool to update their software to the latest versions so that they can benefit from the security fixes implemented by the developers. Failure to update could lead to an attack which could have serious consequences including data loss and even compromise of sensitive information. Users should be aware of the risks involved in using network analysis tools and take all necessary precautions to protect their systems from unauthorized access.
