Detect date
?
|
03/03/2017 |
Severity
?
|
Critical |
Description
|
Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.10 and 2.2.0 to 2.2.4. Malicious users can exploit these vulnerabilities possibly to cause a denial of service. Below is a complete list of vulnerabilities:
Technical details Vulnerability (1) was found in epan/dissectors/packet-ldss.c when checking that memory allocation is done for a certain data structure. Vulnerability (2) was found in epan/dissectors/packet-iax2.c when making constraints to packet lateness. Vulnerability (3) was found in epan/dissectors/packet-wsp.c when validating the capability length. Vulnerability (4) was found in epan/dissectors/packet-rtmpt.c when accurately incrementing a certain sequence value. Vulnerability (5) was found in wiretap/k12.c when validating the relationships between offsets and lengths. Vulnerability (6) was found in wiretap/netscaler.c when validating record sizes and changing the file size restrictions. Vulnerability (7) was found in wiretap/netscaler.c when validating the relationship between records and pages. |
Affected products
|
Wireshark 2.0.0 to 2.0.10 |
Solution
|
Update to the latest version |
Original advisories
|
wnpa-sec-2017-07 |
Impacts
?
|
DoS [?] |
Related products
|
Wireshark |
CVE-IDS
?
|
CVE-2017-64725.0Critical
CVE-2017-64735.0Critical CVE-2017-64745.0Critical CVE-2017-64675.0Critical CVE-2017-64685.0Critical CVE-2017-64695.0Critical CVE-2017-64707.8Critical CVE-2017-64715.0Critical |