Published: 30/08/2017 Updated: 07/11/2023

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 2.0.0
wireshark wireshark 2.0.4
wireshark wireshark 2.0.9
wireshark wireshark 2.0.12
wireshark wireshark 2.0.1
wireshark wireshark 2.0.11
wireshark wireshark 2.0.7
wireshark wireshark 2.0.2
wireshark wireshark 2.0.8
wireshark wireshark 2.0.3
wireshark wireshark 2.0.6
wireshark wireshark 2.0.10
wireshark wireshark 2.0.13
wireshark wireshark 2.0.5
wireshark wireshark 2.2.6
wireshark wireshark 2.2.0
wireshark wireshark 2.2.2
wireshark wireshark 2.2.1
wireshark wireshark 2.2.4
wireshark wireshark 2.2.5
wireshark wireshark 2.2.7
wireshark wireshark 2.2.3
wireshark wireshark 2.4.0

In Wireshark 240, 220 to 228, and 200 to 2014, the MSDP dissector could go into an infinite loop This was addressed in epan/dissectors/packet-msdpc by adding length validation ...

CWE-20 CWE-835 https://www.wireshark.org/security/wnpa-sec-2017-38.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933 http://www.securityfocus.com/bid/100549 http://www.securitytracker.com/id/1039254 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6f18ace2a2683418a9368a8dfd92da6bd8213e15 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-13767

CVE-2017-13767

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect