The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL
Wireshark 1.8.7
Wireshark 1.8.6
Wireshark 1.8.5
Wireshark 1.8.4
Wireshark 1.8.3
Wireshark 1.8.2
Wireshark 1.8.1
Wireshark 1.8.0
Wireshark 1.6.15
Wireshark 1.6.14
Wireshark 1.6.13
Wireshark 1.6.12
Wireshark 1.6.11
Wireshark 1.6.10
Wireshark 1.6.9
Wireshark 1.6.8
Wireshark 1.6.7
Wireshark 1.6.6
Wireshark 1.6.5
Wireshark 1.6.4
Wireshark 1.6.3
Wireshark 1.6.2
Wireshark 1.6.1
Wireshark 1.6.0