Wireshark DOF Dissector 'packet-dof.c' Infinite Loop Denial of Service Vulnerability

Wireshark is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service.

Wireshark 2.2.0 through 2.2.5 are vulnerable.

Information

Bugtraq ID: 97634
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-7704

Remote: Yes
Local: No
Published: Apr 12 2017 12:00AM
Updated: Apr 13 2017 08:05PM
Credit: Buildbot Builder
Vulnerable: Wireshark Wireshark 2.2.5
Wireshark Wireshark 2.2.4
Wireshark Wireshark 2.2.3
Wireshark Wireshark 2.2.2
Wireshark Wireshark 2.2.1
Wireshark Wireshark 2.2

Not Vulnerable: Wireshark Wireshark 2.2.6

Exploit

A sample packet trace file is available in the Wireshark bug report. Please see the references for more information.

References:

• Wireshark Homepage (Wireshark)
  
• Bug 13453 - Buildbot crash output: fuzz-2017-03-04-4648.pcap (Wireshark)
  
• wnpa-sec-2017-17 · DOF dissector infinite loop (Wireshark)
  

Source: www.securityfocus.com