Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český

KLA10955
Denial of service vulnerabilities in Wireshark
Updated: 02/02/2017
CVSS
?
 5.0
Detect date
?
 01/25/2017
Severity
?
 Warning
Description

Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.9 and 2.2.0 to 2.2.3. Malicious users can exploit these vulnerabilities to possibly cause a denial of service.

Below is a complete list of vulnerabilities:

  1. The DHCPv6 dissector large loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service;
  2. The ASTERIX dissector infinite loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service.

Technical details

Vulnerability (1) is related to the file epan/dissectors/packet-dhcpv6.c.

Vulnerability (2) is related to file epan/dissectors/packet-asterix.c.
Affected products

Wireshark 2.0.0 to 2.0.9
Wireshark 2.2.0 to 2.2.3
Solution

Update to the latest versions
Download Wireshark
Original advisories

wnpa-sec-2017-01
wnpa-sec-2017-02
Impacts
?
DoS 
[?]
Related products
 Wireshark
CVE-IDS
?

CVE-2017-5596
CVE-2017-5597
© 2018 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up