Wireshark Steam IHS Discovery Dissector Denial of Service Vulnerability

By GIXnews

A vulnerability in the Steam In-Home Streaming (IHS) Discovery dissector component of Wireshark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An attacker could exploit this vulnerability by injecting a malformed packet into a network so that it is processed by the affected application, or by convincing a targeted user to open a malicious packet trace file. A successful exploit could trigger a memory leak and cause the software to crash, resulting in a DoS condition.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

Wireshark has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-18226

Source: Cisco Multivendor Vulnerability Alerts