Wireshark 'dissectors/packet-packetbb.c' Denial of Service Vulnerability

Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets.

Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions.

Wireshark 2.2.0 through 2.2.5 and 2.0.0 through 2.0.11 are vulnerable.

Information

Bugtraq ID: 97638
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-7747

Remote: Yes
Local: No
Published: Apr 12 2017 12:00AM
Updated: Apr 13 2017 09:05PM
Credit: Wireshark
Vulnerable: Wireshark Wireshark 2.2.5
Wireshark Wireshark 2.2.4
Wireshark Wireshark 2.2.3
Wireshark Wireshark 2.2.2
Wireshark Wireshark 2.2.1
Wireshark Wireshark 2.2
Wireshark Wireshark 2.0.11
Wireshark Wireshark 2.0.10
Wireshark Wireshark 2.0.9
Wireshark Wireshark 2.0.8
Wireshark Wireshark 2.0.7
Wireshark Wireshark 2.0.6
Wireshark Wireshark 2.0.5
Wireshark Wireshark 2.0.3
Wireshark Wireshark 2.0.2
Wireshark Wireshark 2.0.4
Wireshark Wireshark 2.0.1
Wireshark Wireshark 2.0.0

Not Vulnerable: Wireshark Wireshark 2.2.6
Wireshark Wireshark 2.0.12

Exploit

A sample packet trace file is available in the Wireshark bug report. Please see the references for more information.

References:

• Wireshark Homepage (Wireshark)
  
• wnpa-sec-2017-18 · PacketBB dissector crash (Wireshark)
  

Source: www.securityfocus.com