CVE-2017-6014

Published: 17/02/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

In Wireshark 2.2.4 and previous versions, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero-length packet. This will quickly exhaust all system memory.
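
The failure mode described above, shown as an added example that is not Wireshark's code: a record walker that trusts the size field beside one that validates it. The record layout (a 4-byte big-endian size that includes the header) is an assumed simplification, not the STANAG 4607 layout, and `max_iter` exists only so the flawed loop stops in this demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 4u /* assumed header: one 32-bit big-endian size field */

static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: trusts the size field. max_iter exists only so this demo
 * terminates; returns how many record reads were attempted. */
size_t walk_unchecked(const uint8_t *buf, size_t len, size_t max_iter) {
    size_t off = 0, reads = 0;
    while (off + HDR_LEN <= len && reads < max_iter) {
        uint32_t size = rd_be32(buf + off);
        reads++;     /* a real reader would buffer a record here */
        off += size; /* size == 0: off never moves, same header is re-read */
    }
    return reads;
}

/* Hardened: every record must cover its own header and fit in the input.
 * Returns the record count, or -1 on a malformed or truncated record. */
long walk_checked(const uint8_t *buf, size_t len) {
    size_t off = 0;
    long records = 0;
    while (len - off >= HDR_LEN) {
        uint32_t size = rd_be32(buf + off);
        if (size < HDR_LEN || size > len - off)
            return -1; /* zero/undersized or overlong size: stop */
        off += size;
        records++;
    }
    return off == len ? records : -1;
}

/* Constructed sample inputs (not taken from a real capture file). */
static const uint8_t GOOD[] = {0,0,0,6, 0xAA,0xBB, 0,0,0,4};
static const uint8_t ZERO[] = {0,0,0,6, 0xAA,0xBB, 0,0,0,0, 0,0,0,4};

int main(void) {
    printf("good: unchecked=%zu checked=%ld\n",
           walk_unchecked(GOOD, sizeof GOOD, 1000), walk_checked(GOOD, sizeof GOOD));
    printf("zero: unchecked=%zu checked=%ld\n",
           walk_unchecked(ZERO, sizeof ZERO, 1000), walk_checked(ZERO, sizeof ZERO));
    return 0;
}
```

On the zero-size input the unchecked walker consumes its whole iteration budget without moving past offset 6, while the checked walker rejects the file at the first record whose size is smaller than its header.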

Vulnerable Product

wireshark wireshark

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #855408 wireshark: CVE-2017-6014: crafted or malformed STANAG 4607 capture file will cause an infinite loop Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntu.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 17 Feb 2017 15:42:01 UTC Sev ...
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for ASTERIX, DHCPv6, NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to various crashes, denial-of-service or execution of arbitrary code. For the stable distribution (jessie), these problems have been fixed in version ...
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory ...