In Wireshark up to and including 2.0.13 and 2.2.x up to and including 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wireshark wireshark 2.0.0 |
||
wireshark wireshark 2.0.4 |
||
wireshark wireshark 2.0.9 |
||
wireshark wireshark 2.0.12 |
||
wireshark wireshark 2.0.1 |
||
wireshark wireshark 2.0.11 |
||
wireshark wireshark 2.0.7 |
||
wireshark wireshark 2.0.2 |
||
wireshark wireshark 2.0.8 |
||
wireshark wireshark 2.0.3 |
||
wireshark wireshark 2.0.6 |
||
wireshark wireshark 2.0.10 |
||
wireshark wireshark 2.0.13 |
||
wireshark wireshark 2.0.5 |
||
wireshark wireshark 2.2.6 |
||
wireshark wireshark 2.2.0 |
||
wireshark wireshark 2.2.2 |
||
wireshark wireshark 2.2.1 |
||
wireshark wireshark 2.2.4 |
||
wireshark wireshark 2.2.5 |
||
wireshark wireshark 2.2.7 |
||
wireshark wireshark 2.2.3 |