CVE-2017-9352

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type

GIT

Repo

https://github.com/wireshark/wireshark

Events

Introduced

9a73b827b22c7ce9132e939b9f07ec4425fc2aa6

Last affected

2a06057a0ff32623003567f4acf556c759bf751d

Introduced

5368c50be46d4a44986d12bdfc0a35b42c0f34fc

Last affected

32dac6a1ea518cb0062c139e2b3df298afc93c30

Database specific

{
    "cpe": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.0.12"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.2.6"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

2.*

2.2.1rc0

v2.*

v2.0.0

v2.0.1

v2.0.10

v2.0.10rc0

v2.0.11

v2.0.11rc0

v2.0.12

v2.0.12rc0

v2.0.1rc0

v2.0.2

v2.0.2rc0

v2.0.3

v2.0.3rc0

v2.0.4

v2.0.4rc0

v2.0.5

v2.0.5rc0

v2.0.6

v2.0.6rc0

v2.0.7

v2.0.7rc0

v2.0.8

v2.0.8rc0

v2.0.9

v2.0.9rc0

v2.2.0

v2.2.1

v2.2.1rc0

v2.2.2

v2.2.2rc0

v2.2.3

v2.2.3rc0

v2.2.4

v2.2.4rc0

v2.2.5

v2.2.5rc0

v2.2.6

v2.2.6rc0

wireshark-2.*

wireshark-2.0.0

wireshark-2.0.1

wireshark-2.0.10

wireshark-2.0.11

wireshark-2.0.12

wireshark-2.0.2

wireshark-2.0.3

wireshark-2.0.4

wireshark-2.0.5

wireshark-2.0.6

wireshark-2.0.7

wireshark-2.0.8

wireshark-2.0.9

wireshark-2.2.0

wireshark-2.2.1

wireshark-2.2.2

wireshark-2.2.3

wireshark-2.2.4

wireshark-2.2.5

wireshark-2.2.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9352.json"