Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.9 and 2.2.0 to 2.2.3. Malicious users can exploit these vulnerabilities to possibly cause a denial of service.

Below is a complete list of vulnerabilities:

1. The DHCPv6 dissector large loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service;
2. The ASTERIX dissector infinite loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service.

Technical details

Vulnerability (1) is related to the file epan/dissectors/packet-dhcpv6.c.

Vulnerability (2) is related to file epan/dissectors/packet-asterix.c.

Wireshark 2.0.0 to 2.0.9
Wireshark 2.2.0 to 2.2.3

Update to the latest versions
Download Wireshark

wnpa-sec-2017-01
wnpa-sec-2017-02