KLA11094
Multiple vulnerabilities in Wireshark
Updated: 09/01/2017
CVSS
?
7.8
Detect date
?
08/29/2017
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause a denial of service.

Below is a complete list of vulnerabilities:

  1. Buffer overflow vulnerability in the IrCOMM dissector can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a user to handle a specially designed packet trace file to cause a denial of service;
  2. An infinite loop in the MSDP dissector can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a user to handle a specially designed packet trace file to cause a denial of service.
Affected products

Wireshark 2.0.x before 2.0.15
Wireshark 2.2.x before 2.2.9
Wireshark 2.4.x before 2.4.1

Solution

Update to the latest version
Download Wireshark

Original advisories

wnpa-sec-2017-38
wnpa-sec-2017-41

Impacts
?
DoS 
[?]
Related products
Wireshark
CVE-IDS
?

CVE-2017-13767
CVE-2017-13765