Published: 27/12/2017 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The File_read_line function in epan/wslua/wslua_file.c in Wireshark up to and including 2.2.11 does not properly strip '\n' characters, which allows remote malicious users to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark
debian debian linux 8.0

Debian Bug report logs - #885831 wireshark: CVE-2017-17935: Denial of service in the File_read_line function in epan/wslua/wslua_filec Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 30 Dec 2017 09:00:02 UTC ...

The File_read_line function in epan/wslua/wslua_filec in Wireshark through 2211 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line ...

CWE-125 https://code.wireshark.org/review/#/c/24997/https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295 http://www.securityfocus.com/bid/102311 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885831 https://access.redhat.com/security/cve/cve-2017-17935

CVE-2017-17935

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect