ID CVE-2017-9351 Type cve Reporter cve@mitre.org Modified 2019-03-20T13:24:00
Description
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
{"openvas": [{"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9354", "CVE-2017-9344", "CVE-2017-9349", "CVE-2017-9343", "CVE-2017-9346", "CVE-2017-9345", "CVE-2017-9351", "CVE-2017-9352", "CVE-2017-9350"], "description": "This host is installed with Wireshark\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2017-06-02T00:00:00", "id": "OPENVAS:1361412562310811070", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811070", "type": "openvas", "title": "Wireshark Multiple Denial-of-Service Vulnerabilities-01 June17 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln01_june_win.nasl 11863 2018-10-12 09:42:02Z mmartin $\n#\n# Wireshark Multiple Denial-of-Service Vulnerabilities-01 June17 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811070\");\n script_version(\"$Revision: 11863 $\");\n script_cve_id(\"CVE-2017-9352\", \"CVE-2017-9351\", \"CVE-2017-9346\", \"CVE-2017-9345\",\n \"CVE-2017-9349\", \"CVE-2017-9350\", \"CVE-2017-9344\", \"CVE-2017-9343\",\n \"CVE-2017-9354\");\n script_bugtraq_id(98804, 98808, 98799, 98798, 98803, 98806, 98796, 98797, 98802);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 11:42:02 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-02 15:48:52 +0530 (Fri, 02 Jun 2017)\");\n script_name(\"Wireshark Multiple Denial-of-Service Vulnerabilities-01 June17 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error in the epan/dissectors/packet-rgmp.c script within the RGMP\n dissector which could crash.\n\n - An error in the epan/dissectors/packet-msnip.c script within the MSNIP\n dissector which misuses a NULL pointer.\n\n - An error in the epan/dissectors/packet-btl2cap.c script within the Bluetooth\n L2CAP dissector which could divide by zero.\n\n - An error in the epan/dissectors/packet-opensafety.c script within the openSAFETY\n dissector which could crash or exhaust system memory.\n\n - An error in the epan/dissectors/packet-dcm.c script within the DICOM dissector\n which could go into an infinite loop.\n\n - An error in the epan/dissectors/packet-slsk.c script within the SoulSeek\n dissector which could go into an infinite loop.\n\n - An error in the epan/dissectors/packet-dns.c script within the DNS dissector\n which could go into an infinite loop.\n\n - An error in epan/dissectors/packet-bzr.c script within the Bazaar dissector\n which could go into an infinite loop.\n\n - An error in epan/dissectors/packet-bootp.c script within the DHCP dissector\n which could read past the end of a buffer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to crash wireshark or consume excessive CPU resources.\");\n\n script_tag(name:\"affected\", value:\"Wireshark version 2.2.0 through 2.2.6\n and 2.0.0 through 2.0.12 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 2.2.7 or\n 2.0.13 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-32.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-30.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-29.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-28.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-27.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-25.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-26.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-22.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-24.html\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!wirversion = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(wirversion =~ \"^(2\\.2)\" && version_is_less(version:wirversion, test_version:\"2.2.7\")){\n fix = \"2.2.7\";\n}\nelse if(wirversion =~ \"^(2\\.0)\" && version_is_less(version:wirversion, test_version:\"2.0.13\")){\n fix = \"2.0.13\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:wirversion, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9354", "CVE-2017-9344", "CVE-2017-9349", "CVE-2017-9343", "CVE-2017-9346", "CVE-2017-9345", "CVE-2017-9351", "CVE-2017-9352", "CVE-2017-9350"], "description": "This host is installed with Wireshark\n and is prone to multiple vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2017-06-02T00:00:00", "id": "OPENVAS:1361412562310811071", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811071", "type": "openvas", "title": "Wireshark Multiple Denial-of-Service Vulnerabilities-01 June17 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln01_june_macosx.nasl 11959 2018-10-18 10:33:40Z mmartin $\n#\n# Wireshark Multiple Denial-of-Service Vulnerabilities-01 June17 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811071\");\n script_version(\"$Revision: 11959 $\");\n script_cve_id(\"CVE-2017-9352\", \"CVE-2017-9351\", \"CVE-2017-9346\", \"CVE-2017-9345\",\n \"CVE-2017-9349\", \"CVE-2017-9350\", \"CVE-2017-9344\", \"CVE-2017-9343\",\n \"CVE-2017-9354\");\n script_bugtraq_id(98804, 98808, 98799, 98798, 98803, 98806, 98796, 98797, 98802);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 12:33:40 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-06-02 16:51:51 +0530 (Fri, 02 Jun 2017)\");\n script_name(\"Wireshark Multiple Denial-of-Service Vulnerabilities-01 June17 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error in the epan/dissectors/packet-rgmp.c script within the RGMP\n dissector which could crash.\n\n - An error in the epan/dissectors/packet-msnip.c script within the MSNIP\n dissector which misuses a NULL pointer.\n\n - An error in the epan/dissectors/packet-btl2cap.c script within the Bluetooth\n L2CAP dissector which could divide by zero.\n\n - An error in the epan/dissectors/packet-opensafety.c script within the openSAFETY\n dissector which could crash or exhaust system memory.\n\n - An error in the epan/dissectors/packet-dcm.c script within the DICOM dissector\n which could go into an infinite loop.\n\n - An error in the epan/dissectors/packet-slsk.c script within the SoulSeek\n dissector which could go into an infinite loop.\n\n - An error in the epan/dissectors/packet-dns.c script within the DNS dissector\n which could go into an infinite loop.\n\n - An error in epan/dissectors/packet-bzr.c script within the Bazaar dissector\n which could go into an infinite loop.\n\n - An error in epan/dissectors/packet-bootp.c script within the DHCP dissector\n which could read past the end of a buffer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to crash wireshark or consume excessive CPU resources.\");\n\n script_tag(name:\"affected\", value:\"Wireshark version 2.2.0 through 2.2.6\n and 2.0.0 through 2.0.12 on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 2.2.7 or\n 2.0.13 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-32.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-30.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-29.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-28.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-27.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-25.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-26.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-22.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-24.html\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!wirversion = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(wirversion =~ \"^(2\\.2)\" && version_is_less(version:wirversion, test_version:\"2.2.7\")){\n fix = \"2.2.7\";\n}\nelse if(wirversion =~ \"^(2\\.0)\" && version_is_less(version:wirversion, test_version:\"2.0.13\")){\n fix = \"2.0.13\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:wirversion, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9343", "CVE-2017-9344", "CVE-2017-9345", "CVE-2017-9347", "CVE-2017-9348", "CVE-2017-9349", "CVE-2017-9350", "CVE-2017-9351", "CVE-2017-9353", "CVE-2017-9354"], "description": "Metapackage with installs wireshark-cli and wireshark-qt. ", "modified": "2017-06-19T14:36:25", "published": "2017-06-19T14:36:25", "id": "FEDORA:D3A5060567DB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: wireshark-2.2.7-1.fc26", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:36", "bulletinFamily": "info", "cvelist": ["CVE-2017-9347", "CVE-2017-9354", "CVE-2017-9344", "CVE-2017-9349", "CVE-2017-9353", "CVE-2017-9343", "CVE-2017-9346", "CVE-2017-9345", "CVE-2017-9351", "CVE-2017-9352", "CVE-2017-9350"], "description": "### *Detect date*:\n06/02/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities possibly to cause a denial of service.\n\n### *Affected products*:\nWireshark 2.0.x before 2.0.13 \nWireshark 2.2.x before 2.2.7\n\n### *Solution*:\nUpdate to the latest version \n[Download Wireshark](<https://www.wireshark.org/download.html>)\n\n### *Original advisories*:\n[wnpa-sec-2017-31](<https://www.wireshark.org/security/wnpa-sec-2017-31.html>) \n[wnpa-sec-2017-33](<https://www.wireshark.org/security/wnpa-sec-2017-33.html>) \n[wnpa-sec-2017-26](<https://www.wireshark.org/security/wnpa-sec-2017-26.html>) \n[wnpa-sec-2017-27](<https://www.wireshark.org/security/wnpa-sec-2017-27.html>) \n[wnpa-sec-2017-28](<https://www.wireshark.org/security/wnpa-sec-2017-28.html>) \n[wnpa-sec-2017-29](<https://www.wireshark.org/security/wnpa-sec-2017-29.html>) \n[wnpa-sec-2017-30](<https://www.wireshark.org/security/wnpa-sec-2017-30.html>) \n[wnpa-sec-2017-24](<https://www.wireshark.org/security/wnpa-sec-2017-24.html>) \n[wnpa-sec-2017-32](<https://www.wireshark.org/security/wnpa-sec-2017-32.html>) \n[wnpa-sec-2017-22](<https://www.wireshark.org/security/wnpa-sec-2017-22.html>) \n[wnpa-sec-2017-23](<https://www.wireshark.org/security/wnpa-sec-2017-23.html>) \n[wnpa-sec-2017-25](<https://www.wireshark.org/security/wnpa-sec-2017-25.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Wireshark](<https://threats.kaspersky.com/en/product/Wireshark/>)\n\n### *CVE-IDS*:\n[CVE-2017-9343](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9343>)5.0Critical \n[CVE-2017-9344](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9344>)5.0Critical \n[CVE-2017-9345](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9345>)7.8Critical \n[CVE-2017-9346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9346>)7.8Critical \n[CVE-2017-9347](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9347>)5.0Critical \n[CVE-2017-9349](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9349>)7.8Critical \n[CVE-2017-9350](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9350>)7.8Critical \n[CVE-2017-9351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9351>)5.0Critical \n[CVE-2017-9352](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9352>)7.8Critical \n[CVE-2017-9353](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9353>)5.0Critical \n[CVE-2017-9354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9354>)5.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 43, "modified": "2020-06-18T00:00:00", "published": "2017-06-02T00:00:00", "id": "KLA11034", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11034", "title": "\r KLA11034Multiple vulnerabilities in Wireshark ", "type": "kaspersky", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-07T14:25:58", "description": "The network debugging tool wireshark was updated to version 2.2.7 to\nfix the following issues :\n\n - CVE-2017-9352: Bazaar dissector infinite loop\n (wnpa-sec-2017-22) (bsc#1042304)\n\n - CVE-2017-9348: DOF dissector read overflow\n (wnpa-sec-2017-23) (bsc#1042303)\n\n - CVE-2017-9351: DHCP dissector read overflow\n (wnpa-sec-2017-24) (bsc#1042302)\n\n - CVE-2017-9346: SoulSeek dissector infinite loop\n (wnpa-sec-2017-25) (bsc#1042301)\n\n - CVE-2017-9345: DNS dissector infinite loop\n (wnpa-sec-2017-26) (bsc#1042300)\n\n - CVE-2017-9349: DICOM dissector infinite loop\n (wnpa-sec-2017-27) (bsc#1042305)\n\n - CVE-2017-9350: openSAFETY dissector memory exh..\n (wnpa-sec-2017-28) (bsc#1042299)\n\n - CVE-2017-9344: BT L2CAP dissector divide by zero\n (wnpa-sec-2017-29) (bsc#1042298)\n\n - CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30)\n (bsc#1042309)\n\n - CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31)\n (bsc#1042308)\n\n - CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32)\n (bsc#1042307)\n\n - CVE-2017-9353: wireshark: IPv6 dissector crash\n (wnpa-sec-2017-33) (bsc#1042306)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-06-26T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2017:1663-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9347", "CVE-2017-9354", "CVE-2017-9344", "CVE-2017-9349", "CVE-2017-9353", "CVE-2017-9348", "CVE-2017-9343", "CVE-2017-9346", "CVE-2017-9345", "CVE-2017-9351", "CVE-2017-9352", "CVE-2017-9350"], "modified": "2017-06-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libwsutil7", "p-cpe:/a:novell:suse_linux:libwiretap6", "p-cpe:/a:novell:suse_linux:libwscodecs1-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:wireshark-debuginfo", "p-cpe:/a:novell:suse_linux:wireshark-gtk-debuginfo", "p-cpe:/a:novell:suse_linux:libwireshark8-debuginfo", "p-cpe:/a:novell:suse_linux:libwscodecs1", "p-cpe:/a:novell:suse_linux:wireshark-debugsource", "p-cpe:/a:novell:suse_linux:libwsutil7-debuginfo", "p-cpe:/a:novell:suse_linux:libwiretap6-debuginfo", "p-cpe:/a:novell:suse_linux:wireshark-gtk", "p-cpe:/a:novell:suse_linux:wireshark", "p-cpe:/a:novell:suse_linux:libwireshark8"], "id": "SUSE_SU-2017-1663-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101042", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1663-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101042);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9343\", \"CVE-2017-9344\", \"CVE-2017-9345\", \"CVE-2017-9346\", \"CVE-2017-9347\", \"CVE-2017-9348\", \"CVE-2017-9349\", \"CVE-2017-9350\", \"CVE-2017-9351\", \"CVE-2017-9352\", \"CVE-2017-9353\", \"CVE-2017-9354\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2017:1663-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The network debugging tool wireshark was updated to version 2.2.7 to\nfix the following issues :\n\n - CVE-2017-9352: Bazaar dissector infinite loop\n (wnpa-sec-2017-22) (bsc#1042304)\n\n - CVE-2017-9348: DOF dissector read overflow\n (wnpa-sec-2017-23) (bsc#1042303)\n\n - CVE-2017-9351: DHCP dissector read overflow\n (wnpa-sec-2017-24) (bsc#1042302)\n\n - CVE-2017-9346: SoulSeek dissector infinite loop\n (wnpa-sec-2017-25) (bsc#1042301)\n\n - CVE-2017-9345: DNS dissector infinite loop\n (wnpa-sec-2017-26) (bsc#1042300)\n\n - CVE-2017-9349: DICOM dissector infinite loop\n (wnpa-sec-2017-27) (bsc#1042305)\n\n - CVE-2017-9350: openSAFETY dissector memory exh..\n (wnpa-sec-2017-28) (bsc#1042299)\n\n - CVE-2017-9344: BT L2CAP dissector divide by zero\n (wnpa-sec-2017-29) (bsc#1042298)\n\n - CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30)\n (bsc#1042309)\n\n - CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31)\n (bsc#1042308)\n\n - CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32)\n (bsc#1042307)\n\n - CVE-2017-9353: wireshark: IPv6 dissector crash\n (wnpa-sec-2017-33) (bsc#1042306)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9343/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9344/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9347/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9354/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171663-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec52156b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1031=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1031=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1031=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1031=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwireshark8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwireshark8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwiretap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwiretap6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwscodecs1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwscodecs1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwsutil7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwsutil7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwireshark8-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwireshark8-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwiretap6-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwiretap6-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwscodecs1-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwscodecs1-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwsutil7-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwsutil7-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-debugsource-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-gtk-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-gtk-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwireshark8-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwireshark8-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwiretap6-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwiretap6-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwscodecs1-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwscodecs1-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwsutil7-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwsutil7-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-debuginfo-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-debugsource-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-gtk-2.2.7-47.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"wireshark-gtk-debuginfo-2.2.7-47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T12:33:00", "description": "This update for wireshark fixes minor vulnerabilities that could be\nused to trigger dissector crashes, infinite loops, or cause excessive\nuse of CPU resources by making Wireshark read specially crafted\npackages from the network or a capture file :\n\n - CVE-2017-9352: Bazaar dissector infinite loop\n (boo#1042304)\n\n - CVE-2017-9348: DOF dissector read overflow (boo#1042303)\n\n - CVE-2017-9351: DHCP dissector read overflow\n (boo#1042302)\n\n - CVE-2017-9346: SoulSeek dissector infinite loop\n (boo#1042301)\n\n - CVE-2017-9345: DNS dissector infinite loop (boo#1042300)\n\n - CVE-2017-9349: DICOM dissector infinite loop\n (boo#1042305)\n\n - CVE-2017-9350: openSAFETY dissector memory exhaustion\n (boo#1042299)\n\n - CVE-2017-9344: BT L2CAP dissector divide by zero\n (boo#1042298)\n\n - CVE-2017-9343: MSNIP dissector crash (boo#1042309)\n\n - CVE-2017-9347: ROS dissector crash (boo#1042308)\n\n - CVE-2017-9354: RGMP dissector crash (boo#1042307)\n\n - CVE-2017-9353: IPv6 dissector crash (boo#1042306)", "edition": 21, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-06-13T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-2017-674)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9347", "CVE-2017-9354", "CVE-2017-9344", "CVE-2017-9349", "CVE-2017-9353", "CVE-2017-9348", "CVE-2017-9343", "CVE-2017-9346", "CVE-2017-9345", "CVE-2017-9351", "CVE-2017-9352", "CVE-2017-9350"], "modified": "2017-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo", "p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "p-cpe:/a:novell:opensuse:wireshark-ui-qt", "p-cpe:/a:novell:opensuse:wireshark-debugsource", "p-cpe:/a:novell:opensuse:wireshark-ui-gtk", "p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:wireshark-debuginfo"], "id": "OPENSUSE-2017-674.NASL", "href": "https://www.tenable.com/plugins/nessus/100752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-674.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100752);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-9343\", \"CVE-2017-9344\", \"CVE-2017-9345\", \"CVE-2017-9346\", \"CVE-2017-9347\", \"CVE-2017-9348\", \"CVE-2017-9349\", \"CVE-2017-9350\", \"CVE-2017-9351\", \"CVE-2017-9352\", \"CVE-2017-9353\", \"CVE-2017-9354\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-2017-674)\");\n script_summary(english:\"Check for the openSUSE-2017-674 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for wireshark fixes minor vulnerabilities that could be\nused to trigger dissector crashes, infinite loops, or cause excessive\nuse of CPU resources by making Wireshark read specially crafted\npackages from the network or a capture file :\n\n - CVE-2017-9352: Bazaar dissector infinite loop\n (boo#1042304)\n\n - CVE-2017-9348: DOF dissector read overflow (boo#1042303)\n\n - CVE-2017-9351: DHCP dissector read overflow\n (boo#1042302)\n\n - CVE-2017-9346: SoulSeek dissector infinite loop\n (boo#1042301)\n\n - CVE-2017-9345: DNS dissector infinite loop (boo#1042300)\n\n - CVE-2017-9349: DICOM dissector infinite loop\n (boo#1042305)\n\n - CVE-2017-9350: openSAFETY dissector memory exhaustion\n (boo#1042299)\n\n - CVE-2017-9344: BT L2CAP dissector divide by zero\n (boo#1042298)\n\n - CVE-2017-9343: MSNIP dissector crash (boo#1042309)\n\n - CVE-2017-9347: ROS dissector crash (boo#1042308)\n\n - CVE-2017-9354: RGMP dissector crash (boo#1042307)\n\n - CVE-2017-9353: IPv6 dissector crash (boo#1042306)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042330\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wireshark-2.2.7-14.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wireshark-debuginfo-2.2.7-14.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wireshark-debugsource-2.2.7-14.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wireshark-devel-2.2.7-14.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wireshark-ui-gtk-2.2.7-14.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wireshark-ui-gtk-debuginfo-2.2.7-14.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wireshark-ui-qt-2.2.7-14.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"wireshark-ui-qt-debuginfo-2.2.7-14.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-debugsource / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T14:47:49", "description": "The network analysis tool wireshark was updated to version 2.0.13 to\nfix the following issues :\n\n - CVE-2017-9352: Bazaar dissector infinite loop\n (wnpa-sec-2017-22) (bsc#1042304)\n\n - CVE-2017-9348: DOF dissector read overflow\n (wnpa-sec-2017-23) (bsc#1042303)\n\n - CVE-2017-9351: DHCP dissector read overflow\n (wnpa-sec-2017-24) (bsc#1042302)\n\n - CVE-2017-9346: SoulSeek dissector infinite loop\n (wnpa-sec-2017-25) (bsc#1042301)\n\n - CVE-2017-9345: DNS dissector infinite loop\n (wnpa-sec-2017-26) (bsc#1042300)\n\n - CVE-2017-9349: DICOM dissector infinite loop\n (wnpa-sec-2017-27) (bsc#1042305)\n\n - CVE-2017-9350: openSAFETY dissector memory exh..\n (wnpa-sec-2017-28) (bsc#1042299)\n\n - CVE-2017-9344: BT L2CAP dissector divide by zero\n (wnpa-sec-2017-29) (bsc#1042298)\n\n - CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30)\n (bsc#1042309)\n\n - CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31)\n (bsc#1042308)\n\n - CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32)\n (bsc#1042307)\n\n - CVE-2017-9353: wireshark: IPv6 dissector crash\n (wnpa-sec-2017-33) (bsc#1042306)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-06-26T00:00:00", "title": "SUSE SLES11 Security Update : wireshark (SUSE-SU-2017:1664-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9347", "CVE-2017-9354", "CVE-2017-9344", "CVE-2017-9349", "CVE-2017-9353", "CVE-2017-9348", "CVE-2017-9343", "CVE-2017-9346", "CVE-2017-9345", "CVE-2017-9351", "CVE-2017-9352", "CVE-2017-9350"], "modified": "2017-06-26T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:wireshark-gtk", "p-cpe:/a:novell:suse_linux:wireshark"], "id": "SUSE_SU-2017-1664-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101043", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1664-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101043);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-9343\", \"CVE-2017-9344\", \"CVE-2017-9345\", \"CVE-2017-9346\", \"CVE-2017-9347\", \"CVE-2017-9348\", \"CVE-2017-9349\", \"CVE-2017-9350\", \"CVE-2017-9351\", \"CVE-2017-9352\", \"CVE-2017-9353\", \"CVE-2017-9354\");\n\n script_name(english:\"SUSE SLES11 Security Update : wireshark (SUSE-SU-2017:1664-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The network analysis tool wireshark was updated to version 2.0.13 to\nfix the following issues :\n\n - CVE-2017-9352: Bazaar dissector infinite loop\n (wnpa-sec-2017-22) (bsc#1042304)\n\n - CVE-2017-9348: DOF dissector read overflow\n (wnpa-sec-2017-23) (bsc#1042303)\n\n - CVE-2017-9351: DHCP dissector read overflow\n (wnpa-sec-2017-24) (bsc#1042302)\n\n - CVE-2017-9346: SoulSeek dissector infinite loop\n (wnpa-sec-2017-25) (bsc#1042301)\n\n - CVE-2017-9345: DNS dissector infinite loop\n (wnpa-sec-2017-26) (bsc#1042300)\n\n - CVE-2017-9349: DICOM dissector infinite loop\n (wnpa-sec-2017-27) (bsc#1042305)\n\n - CVE-2017-9350: openSAFETY dissector memory exh..\n (wnpa-sec-2017-28) (bsc#1042299)\n\n - CVE-2017-9344: BT L2CAP dissector divide by zero\n (wnpa-sec-2017-29) (bsc#1042298)\n\n - CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30)\n (bsc#1042309)\n\n - CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31)\n (bsc#1042308)\n\n - CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32)\n (bsc#1042307)\n\n - CVE-2017-9353: wireshark: IPv6 dissector crash\n (wnpa-sec-2017-33) (bsc#1042306)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9343/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9344/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9347/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9354/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171664-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c14fcb9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-wireshark-13170=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-wireshark-13170=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-wireshark-13170=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"wireshark-2.0.13-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"wireshark-gtk-2.0.13-39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T07:40:00", "description": "The version of Wireshark installed on the remote Windows host is 2.0.x\nprior to 2.0.13 or 2.2.x prior to 2.2.7. It is, therefore, affected by\nmultiple denial of service vulnerabilities :\n\n - A NULL pointer dereference flaw exists in the\n dissect_msnip() function within file\n epan/dissectors/packet-msnip.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9343)\n\n - A divide-by-zero error exists in the\n dissect_connparamrequest() function within file\n epan/dissectors/packet-btl2cap.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9344)\n\n - An infinite loop condition exists in the\n expand_dns_name() function within file\n epan/dissectors/packet-dns.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9345)\n\n - An infinite loop condition exists in the\n dissect_slsk_pdu() function within file\n epan/dissectors/packet-slsk.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9346)\n\n - A NULL pointer dereference flaw exists in the\n ros_try_string() function within file\n epan/dissectors/asn1/ros/packet-ros-template.c due to\n improper validation of user-supplied input passed as an\n OID string. An unauthenticated, remote attacker can\n exploit this, via a specially crafted packet or packet\n trace file, to cause a denial of service condition. This\n issue only affects version 2.2.x. (CVE-2017-9347)\n\n - An out-of-bounds read error exists in the\n OALMarshal_UncompressValue() function within file\n epan/dissectors/packet-dof.c when handling Distributed\n Object Framework (DOF) packets. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. This issue only affects version\n 2.2.x. (CVE-2017-9348)\n\n - An infinite loop condition exists in the\n dissect_dcm_pdu_data() function within file\n epan/dissectors/packet-dcm.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9349)\n\n - A memory allocation issue exists in the\n dissect_opensafety_ssdo_message() function within file\n epan/dissectors/packet-opensafety.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9350)\n\n - An out-of-bounds read error exists in the bootp_option()\n function within file epan/dissectors/packet-bootp.c when\n handling vendor class identifier strings in bootp\n packets due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this, via a specially crafted packet or packet trace\n file, to cause a denial of service condition.\n (CVE-2017-9351)\n\n - An infinite loop condition exists in the\n get_bzr_pdu_len() function within file\n epan/dissectors/packet-bzr.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9352)\n\n - A NULL pointer dereference flaw exists in the\n dissect_routing6_rpl() function within file\n epan/dissectors/packet-ipv6.c due to improper validation\n of user-supplied input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet or packet trace file, to cause a denial of\n service condition. This issue only affects version\n 2.2.x. (CVE-2017-9353)\n\n - A NULL pointer dereference flaw exists in the\n dissect_rgmp() function within file\n epan/dissectors/packet-rgmp.c due to improper validation\n of user-supplied input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet or packet trace file, to cause a denial of\n service condition. (CVE-2017-9354)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-06-07T00:00:00", "title": "Wireshark 2.0.x < 2.0.13 / 2.2.x < 2.2.7 Multiple DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9347", "CVE-2017-9354", "CVE-2017-9344", "CVE-2017-9349", "CVE-2017-9353", "CVE-2017-9348", "CVE-2017-9343", "CVE-2017-9346", "CVE-2017-9345", "CVE-2017-9351", "CVE-2017-9352", "CVE-2017-9350"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_2_2_7.NASL", "href": "https://www.tenable.com/plugins/nessus/100671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100671);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/07 16:46:51\");\n\n script_cve_id(\n \"CVE-2017-9343\",\n \"CVE-2017-9344\",\n \"CVE-2017-9345\",\n \"CVE-2017-9346\",\n \"CVE-2017-9347\",\n \"CVE-2017-9348\",\n \"CVE-2017-9349\",\n \"CVE-2017-9350\",\n \"CVE-2017-9351\",\n \"CVE-2017-9352\",\n \"CVE-2017-9353\",\n \"CVE-2017-9354\"\n );\n script_bugtraq_id(\n 98796,\n 98797,\n 98798,\n 98799,\n 98800,\n 98801,\n 98802,\n 98803,\n 98804,\n 98805,\n 98806,\n 98808\n );\n\n script_name(english:\"Wireshark 2.0.x < 2.0.13 / 2.2.x < 2.2.7 Multiple DoS\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by\nmultiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Wireshark installed on the remote Windows host is 2.0.x\nprior to 2.0.13 or 2.2.x prior to 2.2.7. It is, therefore, affected by\nmultiple denial of service vulnerabilities :\n\n - A NULL pointer dereference flaw exists in the\n dissect_msnip() function within file\n epan/dissectors/packet-msnip.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9343)\n\n - A divide-by-zero error exists in the\n dissect_connparamrequest() function within file\n epan/dissectors/packet-btl2cap.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9344)\n\n - An infinite loop condition exists in the\n expand_dns_name() function within file\n epan/dissectors/packet-dns.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9345)\n\n - An infinite loop condition exists in the\n dissect_slsk_pdu() function within file\n epan/dissectors/packet-slsk.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9346)\n\n - A NULL pointer dereference flaw exists in the\n ros_try_string() function within file\n epan/dissectors/asn1/ros/packet-ros-template.c due to\n improper validation of user-supplied input passed as an\n OID string. An unauthenticated, remote attacker can\n exploit this, via a specially crafted packet or packet\n trace file, to cause a denial of service condition. This\n issue only affects version 2.2.x. (CVE-2017-9347)\n\n - An out-of-bounds read error exists in the\n OALMarshal_UncompressValue() function within file\n epan/dissectors/packet-dof.c when handling Distributed\n Object Framework (DOF) packets. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. This issue only affects version\n 2.2.x. (CVE-2017-9348)\n\n - An infinite loop condition exists in the\n dissect_dcm_pdu_data() function within file\n epan/dissectors/packet-dcm.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9349)\n\n - A memory allocation issue exists in the\n dissect_opensafety_ssdo_message() function within file\n epan/dissectors/packet-opensafety.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9350)\n\n - An out-of-bounds read error exists in the bootp_option()\n function within file epan/dissectors/packet-bootp.c when\n handling vendor class identifier strings in bootp\n packets due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this, via a specially crafted packet or packet trace\n file, to cause a denial of service condition.\n (CVE-2017-9351)\n\n - An infinite loop condition exists in the\n get_bzr_pdu_len() function within file\n epan/dissectors/packet-bzr.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9352)\n\n - A NULL pointer dereference flaw exists in the\n dissect_routing6_rpl() function within file\n epan/dissectors/packet-ipv6.c due to improper validation\n of user-supplied input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet or packet trace file, to cause a denial of\n service condition. This issue only affects version\n 2.2.x. (CVE-2017-9353)\n\n - A NULL pointer dereference flaw exists in the\n dissect_rgmp() function within file\n epan/dissectors/packet-rgmp.c due to improper validation\n of user-supplied input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet or packet trace file, to cause a denial of\n service condition. (CVE-2017-9354)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-2.0.13.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-33.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-32.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-31.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-30.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-29.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-28.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-27.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-26.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-25.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-24.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-23.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-22.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 2.0.13 / 2.2.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"installed_sw/Wireshark\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"Wireshark\", win_local:TRUE);\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"fixed_version\" : \"2.0.13\" },\n { \"min_version\" : \"2.2.0\", \"fixed_version\" : \"2.2.7\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-02-01T03:59:10", "description": "The version of Wireshark installed on the remote macOS or Mac OS X\nhost is 2.0.x prior to 2.0.13 or 2.2.x prior to 2.2.7. It is,\ntherefore, affected by multiple denial of service vulnerabilities :\n\n - A NULL pointer dereference flaw exists in the\n dissect_msnip() function within file\n epan/dissectors/packet-msnip.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9343)\n\n - A divide-by-zero error exists in the\n dissect_connparamrequest() function within file\n epan/dissectors/packet-btl2cap.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9344)\n\n - An infinite loop condition exists in the\n expand_dns_name() function within file\n epan/dissectors/packet-dns.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9345)\n\n - An infinite loop condition exists in the\n dissect_slsk_pdu() function within file\n epan/dissectors/packet-slsk.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9346)\n\n - A NULL pointer dereference flaw exists in the\n ros_try_string() function within file\n epan/dissectors/asn1/ros/packet-ros-template.c due to\n improper validation of user-supplied input passed as an\n OID string. An unauthenticated, remote attacker can\n exploit this, via a specially crafted packet or packet\n trace file, to cause a denial of service condition. This\n issue only affects version 2.2.x. (CVE-2017-9347)\n\n - An out-of-bounds read error exists in the\n OALMarshal_UncompressValue() function within file\n epan/dissectors/packet-dof.c when handling Distributed\n Object Framework (DOF) packets. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. This issue only affects version\n 2.2.x. (CVE-2017-9348)\n\n - An infinite loop condition exists in the\n dissect_dcm_pdu_data() function within file\n epan/dissectors/packet-dcm.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9349)\n\n - A memory allocation issue exists in the\n dissect_opensafety_ssdo_message() function within file\n epan/dissectors/packet-opensafety.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9350)\n\n - An out-of-bounds read error exists in the bootp_option()\n function within file epan/dissectors/packet-bootp.c when\n handling vendor class identifier strings in bootp\n packets due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this, via a specially crafted packet or packet trace\n file, to cause a denial of service condition.\n (CVE-2017-9351)\n\n - An infinite loop condition exists in the\n get_bzr_pdu_len() function within file\n epan/dissectors/packet-bzr.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9352)\n\n - A NULL pointer dereference flaw exists in the\n dissect_routing6_rpl() function within file\n epan/dissectors/packet-ipv6.c due to improper validation\n of user-supplied input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet or packet trace file, to cause a denial of\n service condition. This issue only affects version\n 2.2.x. (CVE-2017-9353)\n\n - A NULL pointer dereference flaw exists in the\n dissect_rgmp() function within file\n epan/dissectors/packet-rgmp.c due to improper validation\n of user-supplied input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet or packet trace file, to cause a denial of\n service condition. (CVE-2017-9354)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-06-07T00:00:00", "title": "Wireshark 2.0.x < 2.0.13 / 2.2.x < 2.2.7 Multiple DoS (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9347", "CVE-2017-9354", "CVE-2017-9344", "CVE-2017-9349", "CVE-2017-9353", "CVE-2017-9348", "CVE-2017-9343", "CVE-2017-9346", "CVE-2017-9345", "CVE-2017-9351", "CVE-2017-9352", "CVE-2017-9350"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "MACOSX_WIRESHARK_2_2_7.NASL", "href": "https://www.tenable.com/plugins/nessus/100670", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100670);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2017-9343\",\n \"CVE-2017-9344\",\n \"CVE-2017-9345\",\n \"CVE-2017-9346\",\n \"CVE-2017-9347\",\n \"CVE-2017-9348\",\n \"CVE-2017-9349\",\n \"CVE-2017-9350\",\n \"CVE-2017-9351\",\n \"CVE-2017-9352\",\n \"CVE-2017-9353\",\n \"CVE-2017-9354\"\n );\n script_bugtraq_id(\n 98796,\n 98797,\n 98798,\n 98799,\n 98800,\n 98801,\n 98802,\n 98803,\n 98804,\n 98805,\n 98806,\n 98808\n );\n\n script_name(english:\"Wireshark 2.0.x < 2.0.13 / 2.2.x < 2.2.7 Multiple DoS (macOS)\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote macOS or Mac OS X host is\naffected by multiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Wireshark installed on the remote macOS or Mac OS X\nhost is 2.0.x prior to 2.0.13 or 2.2.x prior to 2.2.7. It is,\ntherefore, affected by multiple denial of service vulnerabilities :\n\n - A NULL pointer dereference flaw exists in the\n dissect_msnip() function within file\n epan/dissectors/packet-msnip.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9343)\n\n - A divide-by-zero error exists in the\n dissect_connparamrequest() function within file\n epan/dissectors/packet-btl2cap.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9344)\n\n - An infinite loop condition exists in the\n expand_dns_name() function within file\n epan/dissectors/packet-dns.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9345)\n\n - An infinite loop condition exists in the\n dissect_slsk_pdu() function within file\n epan/dissectors/packet-slsk.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9346)\n\n - A NULL pointer dereference flaw exists in the\n ros_try_string() function within file\n epan/dissectors/asn1/ros/packet-ros-template.c due to\n improper validation of user-supplied input passed as an\n OID string. An unauthenticated, remote attacker can\n exploit this, via a specially crafted packet or packet\n trace file, to cause a denial of service condition. This\n issue only affects version 2.2.x. (CVE-2017-9347)\n\n - An out-of-bounds read error exists in the\n OALMarshal_UncompressValue() function within file\n epan/dissectors/packet-dof.c when handling Distributed\n Object Framework (DOF) packets. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. This issue only affects version\n 2.2.x. (CVE-2017-9348)\n\n - An infinite loop condition exists in the\n dissect_dcm_pdu_data() function within file\n epan/dissectors/packet-dcm.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9349)\n\n - A memory allocation issue exists in the\n dissect_opensafety_ssdo_message() function within file\n epan/dissectors/packet-opensafety.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted packet or packet trace file, to cause a denial\n of service condition. (CVE-2017-9350)\n\n - An out-of-bounds read error exists in the bootp_option()\n function within file epan/dissectors/packet-bootp.c when\n handling vendor class identifier strings in bootp\n packets due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this, via a specially crafted packet or packet trace\n file, to cause a denial of service condition.\n (CVE-2017-9351)\n\n - An infinite loop condition exists in the\n get_bzr_pdu_len() function within file\n epan/dissectors/packet-bzr.c when handling packets or\n packet trace files. An unauthenticated, remote attacker\n can exploit this, via a specially crafted packet or\n packet trace file, to consume excessive CPU resources,\n resulting in a denial of service condition.\n (CVE-2017-9352)\n\n - A NULL pointer dereference flaw exists in the\n dissect_routing6_rpl() function within file\n epan/dissectors/packet-ipv6.c due to improper validation\n of user-supplied input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet or packet trace file, to cause a denial of\n service condition. This issue only affects version\n 2.2.x. (CVE-2017-9353)\n\n - A NULL pointer dereference flaw exists in the\n dissect_rgmp() function within file\n epan/dissectors/packet-rgmp.c due to improper validation\n of user-supplied input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet or packet trace file, to cause a denial of\n service condition. (CVE-2017-9354)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-2.0.13.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-33.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-32.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-31.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-30.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-29.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-28.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-27.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-26.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-25.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-24.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-23.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2017-22.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 2.0.13 / 2.2.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_wireshark_installed.nbin\");\n script_require_keys(\"installed_sw/Wireshark\", \"Host/MacOSX/Version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/MacOSX/Version\");\n\napp_info = vcf::get_app_info(app:\"Wireshark\");\n\nconstraints = [\n { \"min_version\" : \"2.0.0\", \"fixed_version\" : \"2.0.13\" },\n { \"min_version\" : \"2.2.0\", \"fixed_version\" : \"2.2.7\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9343", "CVE-2017-9344", "CVE-2017-9345", "CVE-2017-9346", "CVE-2017-9347", "CVE-2017-9348", "CVE-2017-9349", "CVE-2017-9350", "CVE-2017-9351", "CVE-2017-9352", "CVE-2017-9353", "CVE-2017-9354"], "description": "Arch Linux Security Advisory ASA-201706-9\n=========================================\n\nSeverity: Low\nDate : 2017-06-12\nCVE-ID : CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346\nCVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350\nCVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354\nPackage : wireshark-cli\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-287\n\nSummary\n=======\n\nThe package wireshark-cli before version 2.2.7-1 is vulnerable to\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 2.2.7-1.\n\n# pacman -Syu \"wireshark-cli>=2.2.7-1\"\n\nThe problems have been fixed upstream in version 2.2.7.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-9343 (denial of service)\n\nAn issue has been found in the MSNIP dissector of Wireshark < 2.2.7,\nwhere NULL pointer dereference can be triggered by injecting a\nmalicious packet into the wire or by convincing someone to read a\nmalformed packet trace file.\n\n- CVE-2017-9344 (denial of service)\n\nAn issue has been found in the BT L2CAP dissector of Wireshark < 2.2.7,\nwhere a division by zero can be triggered by injecting a malicious\npacket into the wire or by convincing someone to read a malformed\npacket trace file.\n\n- CVE-2017-9345 (denial of service)\n\nAn issue has been found in the DNS dissector of Wireshark < 2.2.7,\nwhere an infinite loop can be triggered by injecting a malicious packet\ninto the wire or by convincing someone to read a malformed packet trace\nfile.\n\n- CVE-2017-9346 (denial of service)\n\nAn issue has been found in the SoulSeek dissector of Wireshark < 2.2.7,\nwhere an infinite loop can be triggered by injecting a malicious packet\ninto the wire or by convincing someone to read a malformed packet trace\nfile.\n\n- CVE-2017-9347 (denial of service)\n\nAn issue has been found in the ROS dissector of Wireshark < 2.2.7,\nwhere an NULL pointer dereference can be triggered by injecting a\nmalicious packet into the wire or by convincing someone to read a\nmalformed packet trace file.\n\n- CVE-2017-9348 (denial of service)\n\nAn issue has been found in the DOF dissector of Wireshark < 2.2.7,\nwhere a heap-based out-of-bounds read can be triggered by injecting a\nmalicious packet into the wire or by convincing someone to read a\nmalformed packet trace file.\n\n- CVE-2017-9349 (denial of service)\n\nAn issue has been found in the DICOM dissector of Wireshark < 2.2.7,\nwhere an infinite loop can be triggered by injecting a malicious packet\ninto the wire or by convincing someone to read a malformed packet trace\nfile.\n\n- CVE-2017-9350 (denial of service)\n\nAn issue has been found in the openSAFETY dissector of Wireshark <\n2.2.7, where an over-sized memory allocation can be triggered by\ninjecting a malicious packet into the wire or by convincing someone to\nread a malformed packet trace file.\n\n- CVE-2017-9351 (denial of service)\n\nAn issue has been found in the DHCP dissector of Wireshark < 2.2.7,\nwhere a heap-based out-of-bounds read can be triggered by injecting a\nmalicious packet into the wire or by convincing someone to read a\nmalformed packet trace file.\n\n- CVE-2017-9352 (denial of service)\n\nAn issue has been found in the bazaar dissector of Wireshark < 2.2.7,\nwhere an infinite loop can be triggered by injecting a malicious packet\ninto the wire or by convincing someone to read a malformed packet trace\nfile.\n\n- CVE-2017-9353 (denial of service)\n\nAn issue has been found in the IPv6 dissector of Wireshark < 2.2.7,\nwhere a NULL pointer dereference can be triggered by injecting a\nmalicious packet into the wire or by convincing someone to read a\nmalformed packet trace file.\n\n- CVE-2017-9354 (denial of service)\n\nAn issue has been found in the RGMP dissector of Wireshark < 2.2.7,\nwhere a NULL pointer dereference can be triggered by injecting a\nmalicious packet into the wire or by convincing someone to read a\nmalformed packet trace file.\n\nImpact\n======\n\nA remote attacker can cause a denial of service by injecting a\nmalicious packet into the wire or by convincing someone to read a\nmalformed packet trace file.\n\nReferences\n==========\n\nhttps://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html\nhttps://www.wireshark.org/security/wnpa-sec-2017-30.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725\nhttps://www.wireshark.org/security/wnpa-sec-2017-29.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701\nhttps://www.wireshark.org/security/wnpa-sec-2017-26.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633\nhttps://www.wireshark.org/security/wnpa-sec-2017-25.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631\nhttps://www.wireshark.org/security/wnpa-sec-2017-31.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637\nhttps://www.wireshark.org/security/wnpa-sec-2017-23.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608\nhttps://www.wireshark.org/security/wnpa-sec-2017-27.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685\nhttps://www.wireshark.org/security/wnpa-sec-2017-28.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649\nhttps://www.wireshark.org/security/wnpa-sec-2017-24.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13628\nhttps://www.wireshark.org/security/wnpa-sec-2017-22.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599\nhttps://www.wireshark.org/security/wnpa-sec-2017-33.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675\nhttps://www.wireshark.org/security/wnpa-sec-2017-32.html\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646\nhttps://security.archlinux.org/CVE-2017-9343\nhttps://security.archlinux.org/CVE-2017-9344\nhttps://security.archlinux.org/CVE-2017-9345\nhttps://security.archlinux.org/CVE-2017-9346\nhttps://security.archlinux.org/CVE-2017-9347\nhttps://security.archlinux.org/CVE-2017-9348\nhttps://security.archlinux.org/CVE-2017-9349\nhttps://security.archlinux.org/CVE-2017-9350\nhttps://security.archlinux.org/CVE-2017-9351\nhttps://security.archlinux.org/CVE-2017-9352\nhttps://security.archlinux.org/CVE-2017-9353\nhttps://security.archlinux.org/CVE-2017-9354", "modified": "2017-06-12T00:00:00", "published": "2017-06-12T00:00:00", "id": "ASA-201706-9", "href": "https://security.archlinux.org/ASA-201706-9", "type": "archlinux", "title": "[ASA-201706-9] wireshark-cli: denial of service", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}
