A high-severity vulnerability in the Wireshark SSH dissector can be triggered by a malicious network packet, causing the application to crash and resulting in a denial of service.

A flaw within the SSH protocol dissector causes the Wireshark application to crash when processing a specially crafted SSH packet. An attacker could exploit this by injecting a malicious packet into a network capture file (pcap) or a live network stream being monitored by a user.

Rated High with a CVSS score of 7.8, this vulnerability primarily impacts availability. Security analysts or network administrators using Wireshark for troubleshooting or forensic analysis could have their sessions terminated unexpectedly, leading to loss of unsaved capture data and disruption of security operations. While the primary impact is a crash, complex parsing vulnerabilities can sometimes lead to code execution, although that is not specified here.

Immediate Action: Update all installations of Wireshark to the latest patched version immediately. Discontinue use of vulnerable versions for analyzing untrusted network traffic or capture files.

Proactive Monitoring: There are limited monitoring options for a client-side application crash. Ensure that endpoint protection is in place to detect any potential secondary payloads if the vulnerability were to be escalated to code execution.

Compensating Controls: Only analyze network traffic from trusted sources. Be cautious when opening packet capture files from the internet or other untrusted locations with a vulnerable version of Wireshark.

Public Exploit Available: false

This vulnerability presents a significant operational risk to security and network teams who rely on Wireshark for critical tasks. To ensure the stability and integrity of network analysis activities, all users must upgrade to the latest version of Wireshark without delay.