Wireshark BGP dissector Infinite Loop Denial of Service Vulnerability



Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets.

Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service.

Wireshark 2.2.0 through 2.2.5 and 2.0.0 through 2.0.11 are vulnerable.

Information

Bugtraq ID: 97632
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-7701

Remote: Yes
Local: No
Published: Apr 12 2017 12:00AM
Updated: Jun 07 2017 10:02AM
Credit: Jakub Zawadzki
Vulnerable: Wireshark Wireshark 2.2.5
Wireshark Wireshark 2.2.4
Wireshark Wireshark 2.2.3
Wireshark Wireshark 2.2.2
Wireshark Wireshark 2.2.1
Wireshark Wireshark 2.2
Wireshark Wireshark 2.0.11
Wireshark Wireshark 2.0.10
Wireshark Wireshark 2.0.9
Wireshark Wireshark 2.0.8
Wireshark Wireshark 2.0.7
Wireshark Wireshark 2.0.6
Wireshark Wireshark 2.0.5
Wireshark Wireshark 2.0.3
Wireshark Wireshark 2.0.2
Wireshark Wireshark 2.0.4
Wireshark Wireshark 2.0.1
Wireshark Wireshark 2.0.0
Gentoo Linux


Not Vulnerable: Wireshark Wireshark 2.2.6
Wireshark Wireshark 2.0.12


Exploit


A sample packet trace file is available in the Wireshark bug report. Please see the references for more information.


Related Posts

Comments