KLA11063
Denial of service vulnerabilities in Wireshark

Обновлено: 03/06/2020

Дата обнаружения	14/06/2017
Уровень угрозы	Warning
Описание	Multiple serious vulnerabilities have been found in Wireshark version 2.2.7. Malicious users can exploit these vulnerabilities to cause a denial of service. Below is a complete list of vulnerabilities: A stack exhaustion vulnerability in the DAAP dissector can be exploited remotely via a specially designed DAAP data to cause a denial of service; A stack exhaustion vulnerability in the MP4 dissector can be exploited remotely via a specially designed MP4 data to cause a denial of service. Technical details Vulnerability (1) is related to the dissect_daap_one_tag() function in epan/dissectors/packet-daap.c. Vulnerability (1) is related to the dissect_mp4_box() function in epan/dissectors/file-mp4.c.
Пораженные продукты	Wireshark version 2.2.7
Решение	Avoid processing MP4 data and DAAP data with vulnerable Wireshark version.
Первичный источник обнаружения	Wireshark Bug Database Wireshark Bug Database
Оказываемое влияние ?	DoS [?]
Связанные продукты	Wireshark
CVE-IDS	CVE-2017-96174.3Warning CVE-2017-96164.3Warning
	Узнай статистику распространения уязвимостей в твоем регионе

KLA11063Denial of service vulnerabilities in Wireshark