In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
Weakness
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Wireshark |
Wireshark |
2.6.0 (including) |
2.6.3 (including) |
Potential Mitigations
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
References