The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wireshark | Wireshark | 0.99.2 (including) | 0.99.2 (including) |
| Wireshark | Wireshark | 0.99.3 (including) | 0.99.3 (including) |
| Wireshark | Wireshark | 0.99.4 (including) | 0.99.4 (including) |
| Wireshark | Wireshark | 0.99.5 (including) | 0.99.5 (including) |
| Wireshark | Wireshark | 0.99.6 (including) | 0.99.6 (including) |
| Wireshark | Wireshark | 0.99.6a (including) | 0.99.6a (including) |
| Wireshark | Wireshark | 0.99.7 (including) | 0.99.7 (including) |
| Wireshark | Wireshark | 0.99.8 (including) | 0.99.8 (including) |
| Wireshark | Wireshark | 1.0 (including) | 1.0 (including) |
| Wireshark | Wireshark | 1.0.0 (including) | 1.0.0 (including) |
| Wireshark | Wireshark | 1.0.1 (including) | 1.0.1 (including) |
| Wireshark | Wireshark | 1.0.2 (including) | 1.0.2 (including) |
| Wireshark | Wireshark | 1.0.3 (including) | 1.0.3 (including) |