Multiple vulnerabilities in Wireshark

1) Null pointer dereference

EUVDB-ID: #VU6905

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9343

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in the MSNIP dissector when validating an IPv4 address. A remote attacker can inject a malformed packet epan/dissectors/packet-msnip.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.0.13, 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.0.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.0.12:*:*:*:*:*:*:*
• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-30.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Divide by zero

EUVDB-ID: #VU6906

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9344

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to divide by zero in the Bluetooth L2CAP dissector when validating an interval value. A remote attacker can inject a malformed packet epan/dissectors/packet-btl2cap.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.0.13, 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.0.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.0.12:*:*:*:*:*:*:*
• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-29.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Infinite loop

EUVDB-ID: #VU6907

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9345

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the DNS dissector when trying to detect self-referencing pointers. A remote attacker can inject a malformed packet epan/dissectors/packet-dns.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.0.13, 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.0.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.0.12:*:*:*:*:*:*:*
• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-26.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Infinite loop

EUVDB-ID: #VU6908

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9346

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the SoulSeek dissector when making loop bounds more explicit. A remote attacker can inject a malformed packet epan/dissectors/packet-slsk.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.0.13, 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.0.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.0.12:*:*:*:*:*:*:*
• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-25.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Null pointer dereference

EUVDB-ID: #VU6909

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-9347

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in the ROS dissector when validating an OID. A remote attacker can inject a malformed packet epan/dissectors/asn1/ros/packet-ros-template.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.2.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-31.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Out-of-bounds read

EUVDB-ID: #VU6910

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9348

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the DOF dissector when validating a size value. A remote attacker can inject a malformed packet epan/dissectors/packet-dof.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.2.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-23.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Infinite loop

EUVDB-ID: #VU6911

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9349

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the DICOM dissector when validating a length value. A remote attacker can inject a malformed packet epan/dissectors/packet-dcm.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.0.13, 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.0.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.0.12:*:*:*:*:*:*:*
• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-27.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory corruption

EUVDB-ID: #VU6912

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9350

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to memory corruption in the DICOM dissector when checking for a negative length. A remote attacker can inject a malformed packet epan/dissectors/packet-opensafety.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.0.13, 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.0.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.0.12:*:*:*:*:*:*:*
• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-28.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU6913

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9351

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to memory corruption in the DHCP dissector. A remote attacker can inject a malformed packet epan/dissectors/packet-bootp.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.0.13, 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.0.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.0.12:*:*:*:*:*:*:*
• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-24.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

EUVDB-ID: #VU6914

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9352

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop in the Bazaar dissector could when backwards parsing. A remote attacker can inject a malformed packet epan/dissectors/packet-bzr.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.2.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-22.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Denial of service

EUVDB-ID: #VU6915

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-9353

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the IPv6 dissector due to improper validation of an IPv6 address. A remote attacker can inject a malformed packet epan/dissectors/packet-ipv6.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.2.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-33.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Denial of service

EUVDB-ID: #VU6916

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9354

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the RGMP dissector due to improper validation of an IPv4 address. A remote attacker can inject a malformed packet epan/dissectors/packet-rgmp.c onto the wire or persuade the target user to read a malformed packet trace file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.0.13, 2.2.7 or later.

Vulnerable software versions

Wireshark: 2.0.0 - 2.2.6

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:2.0.12:*:*:*:*:*:*:*
• cpe:2.3:a:wireshark_org:wireshark:2.2.6:*:*:*:*:*:*:*

External links

http://www.wireshark.org/security/wnpa-sec-2017-32.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.