Main Vulnerability Database SB2017102317

SB2017102317 - Out-of-bounds write in wireshark (Alpine package)

Published: October 23, 2017

Security Bulletin ID SB2017102317

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2017-13766)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds write in the Profinet I/O dissector. A remote attacker can inject a malformed packet onto the wire, trigger Wireshark to consume excessive CPU resources and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=172c0bd3e6c3e2b6dab46dae04008d430f0d44a5
https://git.alpinelinux.org/aports/commit/?id=b0601c956e7cb028e122152d19232b78d8b224f0
https://git.alpinelinux.org/aports/commit/?id=2bb9ce2b3f960a3b8bfd71bda6a5998bdfa56f6c