Published: 12/04/2017 Updated: 07/11/2023

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 2.0.0
wireshark wireshark 2.0.4
wireshark wireshark 2.2.0
wireshark wireshark 2.0.9
wireshark wireshark 2.2.2
wireshark wireshark 2.0.1
wireshark wireshark 2.2.1
wireshark wireshark 2.2.4
wireshark wireshark 2.0.11
wireshark wireshark 2.0.7
wireshark wireshark 2.0.2
wireshark wireshark 2.0.8
wireshark wireshark 2.0.3
wireshark wireshark 2.2.5
wireshark wireshark 2.0.6
wireshark wireshark 2.0.10
wireshark wireshark 2.2.3
wireshark wireshark 2.0.5

In Wireshark 220 to 225 and 200 to 2011, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file This was addressed in epan/dissectors/packet-wspc by adding a length check ...

CWE-835 https://www.wireshark.org/security/wnpa-sec-2017-21.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581 http://www.securityfocus.com/bid/97628 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f55cbcde2c8f74b652add4450b0592082eb6acff https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-7748

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-7748

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect