CVE-2017-6014
Description
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.423
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update of Wireshark (2.2.5) | Windows |
| Update of Wireshark X64 (2.2.5) | Windows |
| Multiple vulnerabilities fixed in Wireshark x64 2.0.11 | Windows |
| Multiple vulnerabilities are fixed in Update for WireShark for Mac (2.2.5) | Mac |
| Multiple vulnerabilities are fixed in Wireshark for Mac 2.0.11 | Mac |
| wireshark security update(DSA-3811-1) wireshark_1.12.1+g01b65bf-4+deb8u11_i386.deb | Linux |
| wireshark security update(DSA-3811-1) wireshark_1.12.1+g01b65bf-4+deb8u11_amd64.deb | Linux |
| wireshark security update(DSA-3811-1) wireshark_1.12.1+g01b65bf-4+deb8u11_kfreebsd-i386.deb | Linux |
| wireshark security update(DSA-3811-1) wireshark_1.12.1+g01b65bf-4+deb8u11_kfreebsd-amd64.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-304723 | Update of Wireshark (2.2.5) |
| PATCH-304724 | Update of Wireshark X64 (2.2.5) |
| PATCH-338541 | Wireshark (3.6.24) |
| PATCH-600953 | Update for WireShark for Mac (2.2.5) |
| PATCH-612949 | WireShark for Mac (4.6.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234