Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-11408

Published: 18/07/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Wireshark

Vulnerability Summary

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wireshark wireshark 2.0.0

wireshark wireshark 2.0.4

wireshark wireshark 2.0.9

wireshark wireshark 2.0.12

wireshark wireshark 2.0.1

wireshark wireshark 2.0.11

wireshark wireshark 2.0.7

wireshark wireshark 2.0.2

wireshark wireshark 2.0.8

wireshark wireshark 2.0.3

wireshark wireshark 2.0.6

wireshark wireshark 2.0.10

wireshark wireshark 2.0.13

wireshark wireshark 2.0.5

wireshark wireshark 2.2.6

wireshark wireshark 2.2.0

wireshark wireshark 2.2.2

wireshark wireshark 2.2.1

wireshark wireshark 2.2.4

wireshark wireshark 2.2.5

wireshark wireshark 2.2.7

wireshark wireshark 2.2.3

Vendor Advisories

Debian Security Advisories: DSA-4060-1 wireshark -- security update
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 1121+g01b65bf-4+deb8u ...
Debian CVElist Bug Report Logs: wireshark: CVE-2017-11406 CVE-2017-11407 CVE-2017-11408
Debian Bug report logs - #870172 wireshark: CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 18:48:02 UTC Severity: important Tags: patch, security, upst ...
Debian CVElist Bug Report Logs: wireshark: CVE-2017-11410
Debian Bug report logs - #870180 wireshark: CVE-2017-11410 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 19:45:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in versio ...
Debian CVElist Bug Report Logs: wireshark: CVE-2017-9766: Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference
Debian Bug report logs - #870175 wireshark: CVE-2017-9766: Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 18:57:01 U ...
Debian CVElist Bug Report Logs: wireshark: CVE-2017-9617: DAAP dissector dissect_daap_one_tag recursion stack exhausted
Debian Bug report logs - #870174 wireshark: CVE-2017-9617: DAAP dissector dissect_daap_one_tag recursion stack exhausted Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 18:51:05 UTC Severity: impor ...
Debian CVElist Bug Report Logs: wireshark: CVE-2017-11411
Debian Bug report logs - #870179 wireshark: CVE-2017-11411 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 19:42:01 UTC Severity: important Tags: fixed-upstream, security, upstream Found in versio ...
Red Hat: CVE-2017-11408
In Wireshark 220 to 227 and 200 to 2013, the AMQP dissector could crash This was addressed in epan/dissectors/packet-amqpc by checking for successful list dissection ...
Arch Linux Issues:
A security issue has been found in the AMQP dissector of wireshark <= 227 A crafted packet could make wireshark overflow the stack by getting into a infinite recursion loop, causing a denial of service ...

References

CWE-20https://www.wireshark.org/security/wnpa-sec-2017-34.htmlhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780http://www.securitytracker.com/id/1038966http://www.securityfocus.com/bid/99894https://www.debian.org/security/2017/dsa-4060https://lists.debian.org/debian-lts-announce/2017/12/msg00029.htmlhttps://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a102c172b0b2fe231fdb49f4f6694603f5b93b0chttps://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e57c86ef8e3b57b7f90c224f6053d1eacf20e1bahttps://nvd.nist.govhttps://www.debian.org/security/./dsa-4060https://access.redhat.com/security/cve/cve-2017-11408
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook