CVE-2017-5597

Name
CVE-2017-5597
Description
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.
NVD Severity
unknown

References

| Type | URI |
|---|---|
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3811 |
| cve@mitre.org | http://www.securityfocus.com/bid/95798 |
| cve@mitre.org | http://www.securitytracker.com/id/1037694 |
| Issue Tracking | https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345 |
| Patch | https://code.wireshark.org/review/#/c/19747/ |
| cve@mitre.org | https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=57894f741f7cc98b46c9fdce7eee8256d2a4ae3f |
| Vendor Advisory | https://www.wireshark.org/security/wnpa-sec-2017-02.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:* | wireshark | == None | == 2.0.0 |
| cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:* | wireshark | == None | == 2.0.1 |
| cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:* | wireshark | == None | == 2.0.2 |
| cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:* | wireshark | == None | == 2.0.3 |
| cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:* | wireshark | == None | == 2.0.4 |
| cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:* | wireshark | == None | == 2.0.5 |
| cpe:2.3:a:wireshark:wireshark:2.0.6:*:*:*:*:*:*:* | wireshark | == None | == 2.0.6 |
| cpe:2.3:a:wireshark:wireshark:2.0.7:*:*:*:*:*:*:* | wireshark | == None | == 2.0.7 |
| cpe:2.3:a:wireshark:wireshark:2.0.8:*:*:*:*:*:*:* | wireshark | == None | == 2.0.8 |
| cpe:2.3:a:wireshark:wireshark:2.0.9:*:*:*:*:*:*:* | wireshark | == None | == 2.0.9 |
| cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:* | wireshark | == None | == 2.2.0 |
| cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:* | wireshark | == None | == 2.2.1 |
| cpe:2.3:a:wireshark:wireshark:2.2.2:*:*:*:*:*:*:* | wireshark | == None | == 2.2.2 |
| cpe:2.3:a:wireshark:wireshark:2.2.3:*:*:*:*:*:*:* | wireshark | == None | == 2.2.3 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status