Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2017-11410

Published: 18/07/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Wireshark

Vulnerability Summary

In Wireshark up to and including 2.0.13 and 2.2.x up to and including 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wireshark wireshark 2.0.0

wireshark wireshark 2.0.4

wireshark wireshark 2.0.9

wireshark wireshark 2.0.12

wireshark wireshark 2.0.1

wireshark wireshark 2.0.11

wireshark wireshark 2.0.7

wireshark wireshark 2.0.2

wireshark wireshark 2.0.8

wireshark wireshark 2.0.3

wireshark wireshark 2.0.6

wireshark wireshark 2.0.10

wireshark wireshark 2.0.13

wireshark wireshark 2.0.5

wireshark wireshark 2.2.6

wireshark wireshark 2.2.0

wireshark wireshark 2.2.2

wireshark wireshark 2.2.1

wireshark wireshark 2.2.4

wireshark wireshark 2.2.5

wireshark wireshark 2.2.7

wireshark wireshark 2.2.3

Vendor Advisories

Debian CVElist Bug Report Logs: wireshark: CVE-2017-11406 CVE-2017-11407 CVE-2017-11408
Debian Bug report logs - #870172 wireshark: CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 18:48:02 UTC Severity: important Tags: patch, security, upst ...
Debian CVElist Bug Report Logs: wireshark: CVE-2017-11410
Debian Bug report logs - #870180 wireshark: CVE-2017-11410 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 19:45:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in versio ...
Debian CVElist Bug Report Logs: wireshark: CVE-2017-9766: Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference
Debian Bug report logs - #870175 wireshark: CVE-2017-9766: Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 18:57:01 U ...
Debian CVElist Bug Report Logs: wireshark: CVE-2017-9617: DAAP dissector dissect_daap_one_tag recursion stack exhausted
Debian Bug report logs - #870174 wireshark: CVE-2017-9617: DAAP dissector dissect_daap_one_tag recursion stack exhausted Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 18:51:05 UTC Severity: impor ...
Debian CVElist Bug Report Logs: wireshark: CVE-2017-11411
Debian Bug report logs - #870179 wireshark: CVE-2017-11411 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 19:42:01 UTC Severity: important Tags: fixed-upstream, security, upstream Found in versio ...
Red Hat: CVE-2017-11410
In Wireshark through 2013 and 22x through 227, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file This was addressed in epan/dissectors/packet-wbxmlc by adding validation of the relationships between indexes and lengths NOTE: this vulnerability exists because of an incomplete fix f ...
Arch Linux Issues:
A security issue has been found in the WBXML dissector of wireshark <= 227 A crafted packet could make wireshark go into an infinite loop, causing a denial of service This issue is the result of an incomplete fix for CVE-2017-7702 ...

References

CWE-20CWE-835https://www.wireshark.org/security/wnpa-sec-2017-13.htmlhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=3c7168cc5f044b4da8747d35da0b2b204dabf398https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870172https://security.archlinux.org/CVE-2017-11410
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook