SB2017060602 - Multiple vulnerabilities in Wireshark
Published: June 6, 2017
Security Bulletin ID
SB2017060602
Severity
Low
Patch available
YES
Number of vulnerabilities
12
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Null pointer dereference (CVE-ID: CVE-2017-9343)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to NULL pointer dereference in the MSNIP dissector when validating an IPv4 address. A remote attacker can inject a malformed packet epan/dissectors/packet-msnip.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
2) Divide by zero (CVE-ID: CVE-2017-9344)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to divide by zero in the Bluetooth L2CAP dissector when validating an interval value. A remote attacker can inject a malformed packet epan/dissectors/packet-btl2cap.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
3) Infinite loop (CVE-ID: CVE-2017-9345)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to infinite loop in the DNS dissector when trying to detect self-referencing pointers. A remote attacker can inject a malformed packet epan/dissectors/packet-dns.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
4) Infinite loop (CVE-ID: CVE-2017-9346)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to infinite loop in the SoulSeek dissector when making loop bounds more explicit. A remote attacker can inject a malformed packet epan/dissectors/packet-slsk.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
5) Null pointer dereference (CVE-ID: CVE-2017-9347)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to NULL pointer dereference in the ROS dissector when validating an OID. A remote attacker can inject a malformed packet epan/dissectors/asn1/ros/packet-ros-template.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
6) Out-of-bounds read (CVE-ID: CVE-2017-9348)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to out-of-bounds read in the DOF dissector when validating a size value. A remote attacker can inject a malformed packet epan/dissectors/packet-dof.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
7) Infinite loop (CVE-ID: CVE-2017-9349)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to infinite loop in the DICOM dissector when validating a length value. A remote attacker can inject a malformed packet epan/dissectors/packet-dcm.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
8) Memory corruption (CVE-ID: CVE-2017-9350)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to memory corruption in the DICOM dissector when checking for a negative length. A remote attacker can inject a malformed packet epan/dissectors/packet-opensafety.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
9) Out-of-bounds read (CVE-ID: CVE-2017-9351)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to memory corruption in the DHCP dissector. A remote attacker can inject a malformed packet epan/dissectors/packet-bootp.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
10) Infinite loop (CVE-ID: CVE-2017-9352)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to infinite loop in the Bazaar dissector could when backwards parsing. A remote attacker can inject a malformed packet epan/dissectors/packet-bzr.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
11) Denial of service (CVE-ID: CVE-2017-9353)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the IPv6 dissector due to improper validation of an IPv6 address. A remote attacker can inject a malformed packet epan/dissectors/packet-ipv6.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
12) Denial of service (CVE-ID: CVE-2017-9354)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the RGMP dissector due to improper validation of an IPv4 address. A remote attacker can inject a malformed packet epan/dissectors/packet-rgmp.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.
References
- https://www.wireshark.org/security/wnpa-sec-2017-30.html
- https://www.wireshark.org/security/wnpa-sec-2017-29.html
- https://www.wireshark.org/security/wnpa-sec-2017-26.html
- https://www.wireshark.org/security/wnpa-sec-2017-25.html
- https://www.wireshark.org/security/wnpa-sec-2017-31.html
- https://www.wireshark.org/security/wnpa-sec-2017-23.html
- https://www.wireshark.org/security/wnpa-sec-2017-27.html
- https://www.wireshark.org/security/wnpa-sec-2017-28.html
- https://www.wireshark.org/security/wnpa-sec-2017-24.html
- https://www.wireshark.org/security/wnpa-sec-2017-22.html
- https://www.wireshark.org/security/wnpa-sec-2017-33.html
- https://www.wireshark.org/security/wnpa-sec-2017-32.html