CVE-2017-6014

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-6014

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6014.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-6014

Related

Published

2017-02-17T07:59:00Z

Modified

2024-09-11T04:14:33.437875Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

References

Affected packages

Alpine:v3.5 / wireshark

Package

Name: wireshark
Purl: pkg:apk/alpine/wireshark?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.4-r1

Affected versions

1.*

1.2.1-r0

1.2.2-r0

1.2.4-r0

1.2.6-r0

1.2.6-r1

1.2.6-r2

1.2.8-r0

1.2.9-r0

1.2.10-r0

1.4.0-r0

1.4.1-r0

1.4.2-r0

1.4.3-r0

1.4.4-r0

1.4.5-r0

1.4.6-r0

1.4.7-r0

1.6.0-r0

1.6.0-r1

1.6.1-r0

1.6.2-r0

1.6.3-r0

1.6.4-r0

1.6.5-r0

1.6.6-r0

1.6.6-r1

1.6.8-r0

1.6.8-r1

1.8.1-r0

1.8.2-r0

1.8.3-r0

1.8.4-r0

1.8.5-r0

1.8.6-r0

1.8.7-r0

1.10.0-r0

1.10.1-r0

1.10.2-r0

1.10.2-r1

1.10.3-r0

1.10.3-r1

1.10.4-r0

1.10.5-r0

1.10.5-r1

1.10.6-r0

1.10.7-r0

1.10.8-r0

1.12.0-r0

1.12.0-r1

1.12.1-r0

1.12.1-r1

1.12.2-r0

1.12.3-r0

1.12.4-r0

1.12.4-r1

1.12.5-r0

1.12.7-r0

1.12.8-r0

2.*

2.0.0-r0

2.0.1-r0

2.0.2-r0

2.0.3-r0

2.0.4-r0

2.0.5-r0

2.2.0-r0

2.2.0-r1

2.2.2-r0

2.2.3-r0

2.2.4-r0

Debian:11 / wireshark

Package

Name: wireshark
Purl: pkg:deb/debian/wireshark?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5+g440fd4d-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / wireshark

Package

Name: wireshark
Purl: pkg:deb/debian/wireshark?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5+g440fd4d-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / wireshark

Package

Name: wireshark
Purl: pkg:deb/debian/wireshark?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5+g440fd4d-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://github.com/wireshark/wireshark
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

cc3dc1b648d341a489fb95faef3795d8cb2b6192

Affected versions

2.*

2.2.1rc0

Other

backups/ethereal@18706

ethereal-0-3-15

start

ethereal-0.*

ethereal-0.3.15

v1.*

v1.11.0

v1.11.0-rc1

v1.11.1

v1.11.1-rc1

v1.11.2

v1.11.2-rc1

v1.11.3

v1.11.3-rc1

v1.11.4-rc1

v1.99.0

v1.99.0-rc1

v1.99.1

v1.99.10rc0

v1.99.1rc0

v1.99.2

v1.99.2rc0

v1.99.3

v1.99.3rc0

v1.99.4

v1.99.4rc0

v1.99.5

v1.99.5rc0

v1.99.6

v1.99.6rc0

v1.99.7

v1.99.7rc0

v1.99.8

v1.99.8rc0

v1.99.9

v1.99.9rc0

v2.*

v2.1.0

v2.1.0rc0

v2.1.1

v2.1.1rc0

v2.1.2rc0

v2.2.0

v2.2.0rc0

v2.2.0rc1

v2.2.0rc2

v2.2.1

v2.2.1rc0

v2.2.2

v2.2.2rc0

v2.2.3

v2.2.3rc0

v2.2.4

v2.2.4rc0

wireshark-1.*

wireshark-1.11.3

wireshark-1.99.0

wireshark-1.99.1

wireshark-1.99.2

wireshark-1.99.3

wireshark-1.99.4

wireshark-1.99.5

wireshark-1.99.6

wireshark-1.99.7

wireshark-1.99.8

wireshark-1.99.9

wireshark-2.*

wireshark-2.1.0

wireshark-2.1.1

wireshark-2.2.0

wireshark-2.2.0rc1

wireshark-2.2.0rc2

wireshark-2.2.1

wireshark-2.2.2

wireshark-2.2.3

wireshark-2.2.4