CVE-2017-9351

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://github.com/wireshark/wireshark
Events: Introduced

9a73b827b22c7ce9132e939b9f07ec4425fc2aa6

Last affected

2a06057a0ff32623003567f4acf556c759bf751d

Introduced

b3a5619d669d146e44d86a25f4cb6132e69ebc66

Last affected

32dac6a1ea518cb0062c139e2b3df298afc93c30

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.10

v2.0.10rc0

v2.0.11

v2.0.11rc0

v2.0.12

v2.0.12rc0

v2.0.1rc0

v2.0.2

v2.0.2rc0

v2.0.3

v2.0.3rc0

v2.0.4

v2.0.4rc0

v2.0.5

v2.0.5rc0

v2.0.6

v2.0.6rc0

v2.0.7

v2.0.7rc0

v2.0.8

v2.0.8rc0

v2.0.9

v2.0.9rc0

wireshark-2.*

wireshark-2.0.0

wireshark-2.0.1

wireshark-2.0.10

wireshark-2.0.11

wireshark-2.0.12

wireshark-2.0.2

wireshark-2.0.3

wireshark-2.0.4

wireshark-2.0.5

wireshark-2.0.6

wireshark-2.0.7

wireshark-2.0.8

wireshark-2.0.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9351.json"

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://gitlab.com/wireshark/wireshark
Events: Introduced

5368c50be46d4a44986d12bdfc0a35b42c0f34fc

Last affected

32dac6a1ea518cb0062c139e2b3df298afc93c30

Affected versions

2.*

2.2.1rc0

v2.*

v2.2.0

v2.2.1

v2.2.1rc0

v2.2.2

v2.2.2rc0

v2.2.3

v2.2.3rc0

v2.2.4

v2.2.4rc0

v2.2.5

v2.2.5rc0

v2.2.6

v2.2.6rc0

wireshark-2.*

wireshark-2.2.0

wireshark-2.2.1

wireshark-2.2.2

wireshark-2.2.3

wireshark-2.2.4

wireshark-2.2.5

wireshark-2.2.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9351.json"