Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201706-9
HistoryJun 12, 2017 - 12:00 a.m.

[ASA-201706-9] wireshark-cli: denial of service

2017-06-1200:00:00
security.archlinux.org
8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.021 Low

EPSS

Percentile

89.1%

JSON

Arch Linux Security Advisory ASA-201706-9

Severity: Low
Date : 2017-06-12
CVE-ID : CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346
CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350
CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354
Package : wireshark-cli
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-287

Summary

The package wireshark-cli before version 2.2.7-1 is vulnerable to
denial of service.

Resolution

Upgrade to 2.2.7-1.

pacman -Syu “wireshark-cli>=2.2.7-1”

The problems have been fixed upstream in version 2.2.7.

Workaround

None.

Description

  • CVE-2017-9343 (denial of service)

An issue has been found in the MSNIP dissector of Wireshark < 2.2.7,
where NULL pointer dereference can be triggered by injecting a
malicious packet into the wire or by convincing someone to read a
malformed packet trace file.

  • CVE-2017-9344 (denial of service)

An issue has been found in the BT L2CAP dissector of Wireshark < 2.2.7,
where a division by zero can be triggered by injecting a malicious
packet into the wire or by convincing someone to read a malformed
packet trace file.

  • CVE-2017-9345 (denial of service)

An issue has been found in the DNS dissector of Wireshark < 2.2.7,
where an infinite loop can be triggered by injecting a malicious packet
into the wire or by convincing someone to read a malformed packet trace
file.

  • CVE-2017-9346 (denial of service)

An issue has been found in the SoulSeek dissector of Wireshark < 2.2.7,
where an infinite loop can be triggered by injecting a malicious packet
into the wire or by convincing someone to read a malformed packet trace
file.

  • CVE-2017-9347 (denial of service)

An issue has been found in the ROS dissector of Wireshark < 2.2.7,
where an NULL pointer dereference can be triggered by injecting a
malicious packet into the wire or by convincing someone to read a
malformed packet trace file.

  • CVE-2017-9348 (denial of service)

An issue has been found in the DOF dissector of Wireshark < 2.2.7,
where a heap-based out-of-bounds read can be triggered by injecting a
malicious packet into the wire or by convincing someone to read a
malformed packet trace file.

  • CVE-2017-9349 (denial of service)

An issue has been found in the DICOM dissector of Wireshark < 2.2.7,
where an infinite loop can be triggered by injecting a malicious packet
into the wire or by convincing someone to read a malformed packet trace
file.

  • CVE-2017-9350 (denial of service)

An issue has been found in the openSAFETY dissector of Wireshark <
2.2.7, where an over-sized memory allocation can be triggered by
injecting a malicious packet into the wire or by convincing someone to
read a malformed packet trace file.

  • CVE-2017-9351 (denial of service)

An issue has been found in the DHCP dissector of Wireshark < 2.2.7,
where a heap-based out-of-bounds read can be triggered by injecting a
malicious packet into the wire or by convincing someone to read a
malformed packet trace file.

  • CVE-2017-9352 (denial of service)

An issue has been found in the bazaar dissector of Wireshark < 2.2.7,
where an infinite loop can be triggered by injecting a malicious packet
into the wire or by convincing someone to read a malformed packet trace
file.

  • CVE-2017-9353 (denial of service)

An issue has been found in the IPv6 dissector of Wireshark < 2.2.7,
where a NULL pointer dereference can be triggered by injecting a
malicious packet into the wire or by convincing someone to read a
malformed packet trace file.

  • CVE-2017-9354 (denial of service)

An issue has been found in the RGMP dissector of Wireshark < 2.2.7,
where a NULL pointer dereference can be triggered by injecting a
malicious packet into the wire or by convincing someone to read a
malformed packet trace file.

Impact

A remote attacker can cause a denial of service by injecting a
malicious packet into the wire or by convincing someone to read a
malformed packet trace file.

References

https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html
https://www.wireshark.org/security/wnpa-sec-2017-30.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725
https://www.wireshark.org/security/wnpa-sec-2017-29.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701
https://www.wireshark.org/security/wnpa-sec-2017-26.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633
https://www.wireshark.org/security/wnpa-sec-2017-25.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631
https://www.wireshark.org/security/wnpa-sec-2017-31.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
https://www.wireshark.org/security/wnpa-sec-2017-23.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608
https://www.wireshark.org/security/wnpa-sec-2017-27.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685
https://www.wireshark.org/security/wnpa-sec-2017-28.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649
https://www.wireshark.org/security/wnpa-sec-2017-24.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13628
https://www.wireshark.org/security/wnpa-sec-2017-22.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599
https://www.wireshark.org/security/wnpa-sec-2017-33.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
https://www.wireshark.org/security/wnpa-sec-2017-32.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646
https://security.archlinux.org/CVE-2017-9343
https://security.archlinux.org/CVE-2017-9344
https://security.archlinux.org/CVE-2017-9345
https://security.archlinux.org/CVE-2017-9346
https://security.archlinux.org/CVE-2017-9347
https://security.archlinux.org/CVE-2017-9348
https://security.archlinux.org/CVE-2017-9349
https://security.archlinux.org/CVE-2017-9350
https://security.archlinux.org/CVE-2017-9351
https://security.archlinux.org/CVE-2017-9352
https://security.archlinux.org/CVE-2017-9353
https://security.archlinux.org/CVE-2017-9354

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanywireshark-cli< 2.2.7-1UNKNOWN

References

Related

kaspersky 1
nessus 13
altlinux 3
openvas 11
fedora 1
mageia 1
osv 15
debian 1
prion 14
alpinelinux 13
cve 14
debiancve 14
redhatcve 14
zdt 2
ubuntucve 14
archlinux 1
rosalinux 1
kaspersky
kaspersky
KLA11034 Multiple vulnerabilities in Wireshark
2017-06-02 00:00:00
nessus
nessus
openSUSE Security Update : wireshark (openSUSE-2017-674)
2017-06-13 00:00:00
SUSE SLES11 Security Update : wireshark (SUSE-SU-2017:1664-1)
2017-06-26 00:00:00
Wireshark 2.0.x < 2.0.13 / 2.2.x < 2.2.7 Multiple DoS
2017-06-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 2.2.7-alt1
2017-06-04 00:00:00
Security fix for the ALT Linux 7 package wireshark version 2.2.7-alt1.M70P.1
2017-06-04 00:00:00
Security fix for the ALT Linux 9 package wireshark version 2.2.8-alt1
2017-07-21 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1663-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1664-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2017-0161)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: wireshark-2.2.7-1.fc26
2017-06-19 14:36:25
mageia
mageia
Updated wireshark packages fix security vulnerabilities
2017-06-09 00:39:47
osv
osv
wireshark - security update
2019-03-25 00:00:00
CVE-2017-9348
2017-06-02 05:29:00
CVE-2017-9353
2017-06-02 05:29:00
debian
debian
[SECURITY] [DLA 1729-1] wireshark security update
2019-03-25 21:39:30
prion
prion
Design/Logic Flaw
2017-06-02 05:29:00
Code injection
2017-06-02 05:29:00
Code injection
2017-06-02 05:29:00
alpinelinux
alpinelinux
CVE-2017-9352
2017-06-02 05:29:00
CVE-2017-9346
2017-06-02 05:29:00
CVE-2017-9350
2017-06-02 05:29:00
cve
cve
CVE-2017-9346
2017-06-02 05:29:00
CVE-2017-9348
2017-06-02 05:29:00
CVE-2017-9352
2017-06-02 05:29:00
debiancve
debiancve
CVE-2017-9346
2017-06-02 05:29:00
CVE-2017-9347
2017-06-02 05:29:00
CVE-2017-9345
2017-06-02 05:29:00
redhatcve
redhatcve
CVE-2017-9348
2017-06-02 07:21:02
CVE-2017-9346
2017-06-02 07:19:13
CVE-2017-9343
2017-06-02 07:21:19
zdt
zdt
Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service Vulnerability
2017-06-06 00:00:00
Wireshark 2.2.6 - IPv6 Dissector Denial of Service Vulnerability
2017-06-06 00:00:00
ubuntucve
ubuntucve
CVE-2017-9347
2017-06-02 00:00:00
CVE-2017-9348
2017-06-02 00:00:00
CVE-2017-9353
2017-06-02 00:00:00
archlinux
archlinux
[ASA-201707-28] wireshark-cli: denial of service
2017-07-26 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1997
2021-07-02 18:20:14

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.021 Low

EPSS

Percentile

89.1%

JSON
Related for ASA-201706-9
kaspersky1nessus13altlinux3openvas11fedora1mageia1osv15debian1prion14alpinelinux13cve14debiancve14redhatcve14zdt2ubuntucve14archlinux1rosalinux1