Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA10955
Denial of service vulnerabilities in Wireshark

Updated: 05/22/2020
Detect date
?
 01/25/2017
Severity
?
 Warning
Description

Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.9 and 2.2.0 to 2.2.3. Malicious users can exploit these vulnerabilities to possibly cause a denial of service.

Below is a complete list of vulnerabilities:

  1. The DHCPv6 dissector large loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service;
  2. The ASTERIX dissector infinite loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service.

Technical details

Vulnerability (1) is related to the file epan/dissectors/packet-dhcpv6.c.

Vulnerability (2) is related to file epan/dissectors/packet-asterix.c.
Affected products

Wireshark 2.0.0 to 2.0.9
Wireshark 2.2.0 to 2.2.3
Solution

Update to the latest versions
Download Wireshark
Original advisories

wnpa-sec-2017-01
wnpa-sec-2017-02
Impacts
?
DoS 
[?]
Related products
 Wireshark
CVE-IDS
?
CVE-2017-55975.0Critical
CVE-2017-55965.0Critical
© 2021 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up