Beschreibung
Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.10 and 2.2.0 to 2.2.4. Malicious users can exploit these vulnerabilities possibly to cause a denial of service.
Below is a complete list of vulnerabilities:
- An LDSS dissector crash can be exploited remotely via packet injection or a malformed capture file possibly to cause a denial of service;
- An IAX2 infinite loop can be exploited remotely via a malformed capture file or a packet injection possibly to cause a denial of service;
- A WSP infinite loop can be exploited remotely via a malformed capture file or a packet injection possibly to cause a denial of service;
- An RTMPT dissector infinite loop can be exploited remotely via a malformed capture file or a packet injection possibly to cause a denial of service;
- A K12 file parser crash can be exploited remotely via a malformed capture file possibly to cause a denial of service;
- A NetScaler file parser infinite loop can be exploited remotely via a malformed capture file possibly to cause a denial of service;
- A NetScaler file parser crash can be exploited remotely via a malformed capture file possibly to cause a denial of service.
Technical details
Vulnerability (1) was found in epan/dissectors/packet-ldss.c when checking that memory allocation is done for a certain data structure.
Vulnerability (2) was found in epan/dissectors/packet-iax2.c when making constraints to packet lateness.
Vulnerability (3) was found in epan/dissectors/packet-wsp.c when validating the capability length.
Vulnerability (4) was found in epan/dissectors/packet-rtmpt.c when accurately incrementing a certain sequence value.
Vulnerability (5) was found in wiretap/k12.c when validating the relationships between offsets and lengths.
Vulnerability (6) was found in wiretap/netscaler.c when validating record sizes and changing the file size restrictions.
Vulnerability (7) was found in wiretap/netscaler.c when validating the relationship between records and pages.
Ursprüngliche Informationshinweise
- wnpa-sec-2017-09
- wnpa-sec-2017-10
- wnpa-sec-2017-03
- wnpa-sec-2017-04
- wnpa-sec-2017-05
- wnpa-sec-2017-08
- wnpa-sec-2017-11
CVE Liste
- CVE-2017-6472 critical
- CVE-2017-6473 critical
- CVE-2017-6474 critical
- CVE-2017-6467 critical
- CVE-2017-6468 critical
- CVE-2017-6469 critical
- CVE-2017-6470 critical
- CVE-2017-6471 critical
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com