Wireshark 'dissectors/asn1/ros/packet-ros-template.c' Denial of Service Vulnerability



Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets.

Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions.

Wireshark 2.2.0 through 2.2.12 are vulnerable; other versions may also be affected.

Information

Bugtraq ID: 98800
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-9347

Remote: Yes
Local: No
Published: Jun 01 2017 12:00AM
Updated: Jun 01 2017 12:00AM
Credit: OSS-Fuzz project.
Vulnerable: Wireshark Wireshark 2.2.12
Wireshark Wireshark 2.2.6
Wireshark Wireshark 2.2.5
Wireshark Wireshark 2.2.4
Wireshark Wireshark 2.2.3
Wireshark Wireshark 2.2.2
Wireshark Wireshark 2.2.1
Wireshark Wireshark 2.2
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0


Not Vulnerable: Wireshark Wireshark 2.2.7


Exploit


A sample packet trace file is available in the Wireshark bug report. Please see the references for more information.


Related Posts

Comments