KLA10955
Denial of service vulnerabilities in Wireshark
Обновлено: 17/06/2019
Дата обнаружения
25/01/2017
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.9 and 2.2.0 to 2.2.3. Malicious users can exploit these vulnerabilities to possibly cause a denial of service.

Below is a complete list of vulnerabilities:

  1. The DHCPv6 dissector large loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service;
  2. The ASTERIX dissector infinite loop vulnerability can be exploited remotely via a malformed captured file or a packet injection to consume excessive CPU and possibly cause a denial of service.

Technical details

Vulnerability (1) is related to the file epan/dissectors/packet-dhcpv6.c.

Vulnerability (2) is related to file epan/dissectors/packet-asterix.c.

Пораженные продукты

Wireshark 2.0.0 to 2.0.9
Wireshark 2.2.0 to 2.2.3

Решение

Update to the latest versions
Download Wireshark

Первичный источник обнаружения
wnpa-sec-2017-01
wnpa-sec-2017-02
Оказываемое влияние
?
DoS 
[?]
Связанные продукты
Wireshark
CVE-IDS
CVE-2017-55975.0Critical
CVE-2017-55965.0Critical