Wireshark 2.0.10 packet Remote Code Execution Vulnerability

Summary

It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Credit:

The information has been provided by Antti Levom.
The original article can be found at: http://www.securityfocus.com/bid/96563


Details

Vulnerable Systems:
 * Wireshark 2.0.0
 * Wireshark 2.0.1
 * Wireshark 2.0.2
 * Wireshark 2.0.3
 * Wireshark 2.0.4
 * Wireshark 2.0.5
 * Wireshark 2.0.6
 * Wireshark 2.0.7
 * Wireshark 2.0.8
 * Wireshark 2.0.9
 * Wireshark 2.0.10
 * Wireshark 2.2.0
 * Wireshark 2.2.1
 * Wireshark 2.2.2
 * Wireshark 2.2.3
 * Wireshark 2.2.4

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness.

CVE Information:
CVE-2017-6470

Disclosure Timeline:
Publish Date : 2017-03-03
Last Update Date : 2017-03-14

Categories: News