Lucene search

K
kasperskyKaspersky LabKLA10965
HistoryMar 03, 2017 - 12:00 a.m.

KLA10965 Denial of service vulnerabilities in Wireshark

2017-03-0300:00:00
Kaspersky Lab
threats.kaspersky.com
25

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.003

Percentile

66.2%

Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.10 and 2.2.0 to 2.2.4. Malicious users can exploit these vulnerabilities possibly to cause a denial of service.

Below is a complete list of vulnerabilities:

  1. An LDSS dissector crash can be exploited remotely via packet injection or a malformed capture file possibly to cause a denial of service;
  2. An IAX2 infinite loop can be exploited remotely via a malformed capture file or a packet injection possibly to cause a denial of service;
  3. A WSP infinite loop can be exploited remotely via a malformed capture file or a packet injection possibly to cause a denial of service;
  4. An RTMPT dissector infinite loop can be exploited remotely via a malformed capture file or a packet injection possibly to cause a denial of service;
  5. A K12 file parser crash can be exploited remotely via a malformed capture file possibly to cause a denial of service;
  6. A NetScaler file parser infinite loop can be exploited remotely via a malformed capture file possibly to cause a denial of service;
  7. A NetScaler file parser crash can be exploited remotely via a malformed capture file possibly to cause a denial of service.

Technical details

Vulnerability (1) was found in epan/dissectors/packet-ldss.c when checking that memory allocation is done for a certain data structure.

Vulnerability (2) was found in epan/dissectors/packet-iax2.c when making constraints to packet lateness.

Vulnerability (3) was found in epan/dissectors/packet-wsp.c when validating the capability length.

Vulnerability (4) was found in epan/dissectors/packet-rtmpt.c when accurately incrementing a certain sequence value.

Vulnerability (5) was found in wiretap/k12.c when validating the relationships between offsets and lengths.

Vulnerability (6) was found in wiretap/netscaler.c when validating record sizes and changing the file size restrictions.

Vulnerability (7) was found in wiretap/netscaler.c when validating the relationship between records and pages.

Original advisories

wnpa-sec-2017-07

wnpa-sec-2017-09

wnpa-sec-2017-10

wnpa-sec-2017-03

wnpa-sec-2017-04

wnpa-sec-2017-05

wnpa-sec-2017-08

wnpa-sec-2017-11

Related products

Wireshark

CVE list

CVE-2017-6472 warning

CVE-2017-6473 warning

CVE-2017-6474 warning

CVE-2017-6467 warning

CVE-2017-6468 warning

CVE-2017-6469 warning

CVE-2017-6470 critical

CVE-2017-6471 warning

Solution

Update to the latest version

Download Wireshark

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Wireshark 2.0.0 to 2.0.10Wireshark 2.2.0 to 2.2.4

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.003

Percentile

66.2%