KLA11094
Multiple vulnerabilities in Wireshark
Обновлено: 26/06/2019
Дата обнаружения
29/08/2017
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause a denial of service.

Below is a complete list of vulnerabilities:

  1. Buffer overflow vulnerability in the IrCOMM dissector can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a user to handle a specially designed packet trace file to cause a denial of service;
  2. An infinite loop in the MSDP dissector can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a user to handle a specially designed packet trace file to cause a denial of service.
Пораженные продукты

Wireshark 2.0.x before 2.0.15
Wireshark 2.2.x before 2.2.9
Wireshark 2.4.x before 2.4.1

Решение

Update to the latest version
Download Wireshark

Первичный источник обнаружения
wnpa-sec-2017-38
wnpa-sec-2017-41
Оказываемое влияние
?
DoS 
[?]
Связанные продукты
Wireshark
CVE-IDS
CVE-2017-137655.0Critical
CVE-2017-137677.8Critical