epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wireshark | Wireshark | 0.9.8 (including) | 0.9.8 (including) |
| Wireshark | Wireshark | 0.9.10 (including) | 0.9.10 (including) |
| Wireshark | Wireshark | 0.10 (including) | 0.10 (including) |
| Wireshark | Wireshark | 0.10.4 (including) | 0.10.4 (including) |
| Wireshark | Wireshark | 0.10.13 (including) | 0.10.13 (including) |
| Wireshark | Wireshark | 0.99 (including) | 0.99 (including) |
| Wireshark | Wireshark | 0.99.1 (including) | 0.99.1 (including) |
| Wireshark | Wireshark | 0.99.2 (including) | 0.99.2 (including) |
| Wireshark | Wireshark | 0.99.3 (including) | 0.99.3 (including) |
| Red Hat Enterprise Linux 2.1 | RedHat | wireshark-0:0.99.4-AS21.1 | * |
| Red Hat Enterprise Linux 3 | RedHat | wireshark-0:0.99.4-EL3.1 | * |
| Red Hat Enterprise Linux 4 | RedHat | wireshark-0:0.99.4-EL4.1 | * |
| Ethereal | Ubuntu | dapper | * |
| Wireshark | Ubuntu | devel | * |
| Wireshark | Ubuntu | edgy | * |
| Wireshark | Ubuntu | feisty | * |
| Wireshark | Ubuntu | gutsy | * |
| Wireshark | Ubuntu | hardy | * |
| Wireshark | Ubuntu | intrepid | * |
| Wireshark | Ubuntu | jaunty | * |
| Wireshark | Ubuntu | karmic | * |
| Wireshark | Ubuntu | upstream | * |