Kaspersky ID:
KLA11020
Detect Date:
04/12/2017
Updated:
01/22/2024

Description

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause a denial of service.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in the IMAP (Internet Message Access Protocol) dissector can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a user to handle a specially designed packet trace file to cause a denial of sevice;
  2. An unspecified vulnerability in the WBXML (WAP Binary XML Protocol) dissector and in the BGP (Border Gateway) dissector can be exploited remotely via specially designed packet, which is injected onto the wire, or by convincing a user to handle a specially designed packet trace file to make an infinite loop and possibly cause a denial of sevice;
  3. An unspecified vulnerability in the NetScaler file parser can be exploited remotely by convincing a user to handle a specially designed packet trace file to make an infinite loop and possibly cause a denial of sevice;
  4. An unspecified vulnerability in the RPC (Remote Procedure Call Protocols) over RDMA (Remote Direct Memory Access Protocol) dissector can be exploited remotely by convincing a user to handle a specially designed packet trace file to make an infinite loop and possibly cause a denial of sevice;
  5. An unspecified vulnerability in the BGP (Border Gateway) dissector can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a user to handle a specially designed packet trace file possibly to cause a denial of sevice;
  6. Multiple unspecified vulnerabilities in the DOF dissector, in the PacketBB dissector and in the SLSK dissector can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a user to handle a specially designed packet trace file possibly to cause a denial of sevice;
  7. Multiple unspecified vulnerabilities in the SIGCOMP (Signaling Compression) dissector and in the WSP (Wireless Session Protocol) dissector can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a user to handle a specially designed packet trace file possibly to cause a denial of sevice.

Original advisories

Related products

CVE list

  • CVE-2017-7705
    critical
  • CVE-2017-7704
    critical
  • CVE-2017-7703
    warning
  • CVE-2017-7702
    critical
  • CVE-2017-7701
    critical
  • CVE-2017-7700
    high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky IT Security Calculator
Calculate
Check now
Learn more about cybersecurity on Kaspersky Encyclopedia
For free
Learn more
Confirm changes?
Your message has been sent successfully.