Published: 18/07/2017 Updated: 07/11/2023

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

In Wireshark up to and including 2.0.13 and 2.2.x up to and including 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 2.0.0
wireshark wireshark 2.0.4
wireshark wireshark 2.0.9
wireshark wireshark 2.0.12
wireshark wireshark 2.0.1
wireshark wireshark 2.0.11
wireshark wireshark 2.0.7
wireshark wireshark 2.0.2
wireshark wireshark 2.0.8
wireshark wireshark 2.0.3
wireshark wireshark 2.0.6
wireshark wireshark 2.0.10
wireshark wireshark 2.0.13
wireshark wireshark 2.0.5
wireshark wireshark 2.2.6
wireshark wireshark 2.2.0
wireshark wireshark 2.2.2
wireshark wireshark 2.2.1
wireshark wireshark 2.2.4
wireshark wireshark 2.2.5
wireshark wireshark 2.2.7
wireshark wireshark 2.2.3

Debian Bug report logs - #870172 wireshark: CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 18:48:02 UTC Severity: important Tags: patch, security, upst ...

Debian Bug report logs - #870180 wireshark: CVE-2017-11410 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 19:45:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in versio ...

Debian Bug report logs - #870175 wireshark: CVE-2017-9766: Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 18:57:01 U ...

Debian Bug report logs - #870174 wireshark: CVE-2017-9617: DAAP dissector dissect_daap_one_tag recursion stack exhausted Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 18:51:05 UTC Severity: impor ...

Debian Bug report logs - #870179 wireshark: CVE-2017-11411 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Jul 2017 19:42:01 UTC Severity: important Tags: fixed-upstream, security, upstream Found in versio ...

A security issue has been found in the openSAFETY dissector of wireshark <= 227 A crafted packet could make wireshark allocate a huge amount of memory, causing a denial of service This issue is the result of an incomplete fix for CVE-2017-9350 ...

CWE-20 https://www.wireshark.org/security/wnpa-sec-2017-28.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a83a324acdfc07a0ca8b65e6ebaba3374ab19c76 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870172 https://security.archlinux.org/CVE-2017-11411

CVE-2017-11411

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect