CVE-2017-6473

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets.

Database specific

{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type

GIT

Repo

https://github.com/wireshark/wireshark

Events

Introduced

9a73b827b22c7ce9132e939b9f07ec4425fc2aa6

Last affected

0ad795bc8c4e98c9cd49b5609df19ccce2640666

Introduced

5368c50be46d4a44986d12bdfc0a35b42c0f34fc

Last affected

cc3dc1b648d341a489fb95faef3795d8cb2b6192

Database specific

{
    "cpe": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.0.10"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.2.4"
        }
    ]
}

Affected versions

2.*

2.2.1rc0

v2.*

v2.0.0

v2.0.1

v2.0.10

v2.0.10rc0

v2.0.1rc0

v2.0.2

v2.0.2rc0

v2.0.3

v2.0.3rc0

v2.0.4

v2.0.4rc0

v2.0.5

v2.0.5rc0

v2.0.6

v2.0.6rc0

v2.0.7

v2.0.7rc0

v2.0.8

v2.0.8rc0

v2.0.9

v2.0.9rc0

v2.2.0

v2.2.1

v2.2.1rc0

v2.2.2

v2.2.2rc0

v2.2.3

v2.2.3rc0

v2.2.4

v2.2.4rc0

wireshark-2.*

wireshark-2.0.0

wireshark-2.0.1

wireshark-2.0.10

wireshark-2.0.2

wireshark-2.0.3

wireshark-2.0.4

wireshark-2.0.5

wireshark-2.0.6

wireshark-2.0.7

wireshark-2.0.8

wireshark-2.0.9

wireshark-2.2.0

wireshark-2.2.1

wireshark-2.2.2

wireshark-2.2.3

wireshark-2.2.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6473.json"