The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wireshark | Wireshark | 0.99.2 (including) | 0.99.2 (including) |
| Wireshark | Wireshark | 0.99.3 (including) | 0.99.3 (including) |
| Wireshark | Wireshark | 0.99.4 (including) | 0.99.4 (including) |
| Wireshark | Wireshark | 0.99.5 (including) | 0.99.5 (including) |
| Wireshark | Wireshark | 0.99.6 (including) | 0.99.6 (including) |
| Wireshark | Wireshark | 0.99.6a (including) | 0.99.6a (including) |
| Wireshark | Wireshark | 0.99.7 (including) | 0.99.7 (including) |
| Wireshark | Wireshark | 0.99.8 (including) | 0.99.8 (including) |
| Wireshark | Wireshark | 1.0 (including) | 1.0 (including) |
| Wireshark | Wireshark | 1.0.0 (including) | 1.0.0 (including) |
| Wireshark | Wireshark | 1.0.1 (including) | 1.0.1 (including) |
| Wireshark | Wireshark | 1.0.2 (including) | 1.0.2 (including) |
| Wireshark | Wireshark | 1.0.3 (including) | 1.0.3 (including) |
| Red Hat Enterprise Linux 3 | RedHat | wireshark-0:1.0.6-EL3.3 | * |
| Red Hat Enterprise Linux 4 | RedHat | wireshark-0:1.0.6-2.el4_7 | * |
| Red Hat Enterprise Linux 5 | RedHat | wireshark-0:1.0.6-2.el5_3 | * |
| Wireshark | Ubuntu | gutsy | * |
| Wireshark | Ubuntu | hardy | * |
| Wireshark | Ubuntu | intrepid | * |
| Wireshark | Ubuntu | upstream | * |