In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libwsutil9": "2.6.3-1~ubuntu14.04.1", "libwscodecs2": "2.6.3-1~ubuntu14.04.1", "wireshark-dev": "2.6.3-1~ubuntu14.04.1", "libwiretap8": "2.6.3-1~ubuntu14.04.1", "wireshark-doc": "2.6.3-1~ubuntu14.04.1", "libwiretap8-dbgsym": "2.6.3-1~ubuntu14.04.1", "tshark": "2.6.3-1~ubuntu14.04.1", "libwiretap-dev": "2.6.3-1~ubuntu14.04.1", "libwsutil-dev": "2.6.3-1~ubuntu14.04.1", "tshark-dbgsym": "2.6.3-1~ubuntu14.04.1", "libwireshark-dev": "2.6.3-1~ubuntu14.04.1", "libwireshark11": "2.6.3-1~ubuntu14.04.1", "libwsutil9-dbgsym": "2.6.3-1~ubuntu14.04.1", "wireshark-qt": "2.6.3-1~ubuntu14.04.1", "wireshark-common-dbgsym": "2.6.3-1~ubuntu14.04.1", "wireshark": "2.6.3-1~ubuntu14.04.1", "wireshark-common": "2.6.3-1~ubuntu14.04.1", "wireshark-gtk-dbgsym": "2.6.3-1~ubuntu14.04.1", "libwireshark-data": "2.6.3-1~ubuntu14.04.1", "libwscodecs2-dbgsym": "2.6.3-1~ubuntu14.04.1", "libwireshark11-dbgsym": "2.6.3-1~ubuntu14.04.1", "wireshark-gtk": "2.6.3-1~ubuntu14.04.1", "wireshark-qt-dbgsym": "2.6.3-1~ubuntu14.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libwsutil9": "2.6.3-1~ubuntu16.04.1", "libwscodecs2": "2.6.3-1~ubuntu16.04.1", "wireshark-dev": "2.6.3-1~ubuntu16.04.1", "libwiretap8": "2.6.3-1~ubuntu16.04.1", "wireshark-doc": "2.6.3-1~ubuntu16.04.1", "libwiretap8-dbgsym": "2.6.3-1~ubuntu16.04.1", "tshark": "2.6.3-1~ubuntu16.04.1", "libwiretap-dev": "2.6.3-1~ubuntu16.04.1", "libwsutil-dev": "2.6.3-1~ubuntu16.04.1", "tshark-dbgsym": "2.6.3-1~ubuntu16.04.1", "libwireshark-dev": "2.6.3-1~ubuntu16.04.1", "libwireshark11": "2.6.3-1~ubuntu16.04.1", "libwsutil9-dbgsym": "2.6.3-1~ubuntu16.04.1", "wireshark-qt": "2.6.3-1~ubuntu16.04.1", "wireshark-common-dbgsym": "2.6.3-1~ubuntu16.04.1", "wireshark": "2.6.3-1~ubuntu16.04.1", "wireshark-common": "2.6.3-1~ubuntu16.04.1", "wireshark-gtk-dbgsym": "2.6.3-1~ubuntu16.04.1", "libwireshark-data": "2.6.3-1~ubuntu16.04.1", "libwscodecs2-dbgsym": "2.6.3-1~ubuntu16.04.1", "libwireshark11-dbgsym": "2.6.3-1~ubuntu16.04.1", "wireshark-gtk": "2.6.3-1~ubuntu16.04.1", "wireshark-qt-dbgsym": "2.6.3-1~ubuntu16.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libwsutil9": "2.6.3-1~ubuntu18.04.1", "libwscodecs2": "2.6.3-1~ubuntu18.04.1", "wireshark-dev": "2.6.3-1~ubuntu18.04.1", "libwiretap8": "2.6.3-1~ubuntu18.04.1", "wireshark-doc": "2.6.3-1~ubuntu18.04.1", "libwiretap8-dbgsym": "2.6.3-1~ubuntu18.04.1", "tshark": "2.6.3-1~ubuntu18.04.1", "libwiretap-dev": "2.6.3-1~ubuntu18.04.1", "libwsutil-dev": "2.6.3-1~ubuntu18.04.1", "tshark-dbgsym": "2.6.3-1~ubuntu18.04.1", "libwireshark-dev": "2.6.3-1~ubuntu18.04.1", "libwireshark11": "2.6.3-1~ubuntu18.04.1", "libwsutil9-dbgsym": "2.6.3-1~ubuntu18.04.1", "wireshark-qt": "2.6.3-1~ubuntu18.04.1", "wireshark-common-dbgsym": "2.6.3-1~ubuntu18.04.1", "wireshark": "2.6.3-1~ubuntu18.04.1", "wireshark-common": "2.6.3-1~ubuntu18.04.1", "wireshark-gtk-dbgsym": "2.6.3-1~ubuntu18.04.1", "libwireshark-data": "2.6.3-1~ubuntu18.04.1", "libwscodecs2-dbgsym": "2.6.3-1~ubuntu18.04.1", "libwireshark11-dbgsym": "2.6.3-1~ubuntu18.04.1", "wireshark-gtk": "2.6.3-1~ubuntu18.04.1", "wireshark-qt-dbgsym": "2.6.3-1~ubuntu18.04.1" } ] }