Wireshark 'epan/dissectors/packet-ipv6.c' Denial of Service Vulnerability



Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets.

Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions.

Wireshark 2.2.0 through 2.2.6 are vulnerable.

Information

Bugtraq ID: 98805
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-9353

Remote: Yes
Local: No
Published: Jun 05 2017 12:00AM
Updated: Jun 05 2017 12:00AM
Credit: OSS-Fuzz project.
Vulnerable: Wireshark Wireshark 2.2.6
Wireshark Wireshark 2.2.5
Wireshark Wireshark 2.2.4
Wireshark Wireshark 2.2.3
Wireshark Wireshark 2.2.2
Wireshark Wireshark 2.2.1
Wireshark Wireshark 2.2
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0


Not Vulnerable: Wireshark Wireshark 2.2.7


Exploit


A sample packet trace file is available in the Wireshark bug report. Please see the references for more information.


Related Posts

Comments