KLA10961
Denial of service vulnerability in Wireshark

Обновлено: 03/06/2020
Дата обнаружения
17/02/2017
Уровень угрозы
Critical
Описание

An infinite loop and memory exhaustion vulnerability was found in Wireshark versions 2.2.4 and earlier. By exploiting this vulnerability malicious users can possibly cause a denial of service. This vulnerability can be exploited remotely via a specially designed or malformed STANAG 4607 capture.


Technical details

The issue is related to a packet with null field of the packet size in the packet header. In this case, the offset to read from will not advance. Contininuous attempts to read the same zero-length packet will soon exhaust all system memory.

Пораженные продукты

Wireshark 2.0.0 to 2.0.10
Wireshark 2.2.0 to 2.2.4 

Решение

Update to the latest version
Download Wireshark

Первичный источник обнаружения
wnpa-sec-2017-06
Оказываемое влияние
?
DoS 
[?]
Связанные продукты
Wireshark
CVE-IDS
CVE-2017-60147.8Critical
Узнай статистику распространения уязвимостей в твоем регионе