KLA10955
Denial of service vulnerabilities in Wireshark

Обновлено: 03/06/2020

Дата обнаружения	25/01/2017
Уровень угрозы	Warning
Описание	Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.9 and 2.2.0 to 2.2.3. Malicious users can exploit these vulnerabilities to possibly cause a denial of service. Below is a complete list of vulnerabilities: The DHCPv6 dissector large loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service; The ASTERIX dissector infinite loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service. Technical details Vulnerability (1) is related to the file epan/dissectors/packet-dhcpv6.c. Vulnerability (2) is related to file epan/dissectors/packet-asterix.c.
Пораженные продукты	Wireshark 2.0.0 to 2.0.9 Wireshark 2.2.0 to 2.2.3
Решение	Update to the latest versions Download Wireshark
Первичный источник обнаружения	wnpa-sec-2017-01 wnpa-sec-2017-02
Оказываемое влияние ?	DoS [?]
Связанные продукты	Wireshark
CVE-IDS	CVE-2017-55975.0Critical CVE-2017-55965.0Critical
	Узнай статистику распространения уязвимостей в твоем регионе

KLA10955Denial of service vulnerabilities in Wireshark