CVE-2017-9352

Published: 02/06/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.

Vulnerable Product

wireshark wireshark

Vendor Advisories

Debian Bug report logs - #864058: New wireshark issues
Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntu.com>; Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sat, 3 Jun 2017 18:39:01 UTC
Severity: important
Tags: security, upstream
Found in version wireshark/2.2.6+g32dac6a ...

An issue has been found in the bazaar dissector of Wireshark < 2.2.7, where an infinite loop can be triggered by injecting a malicious packet into the wire or by convincing someone to read a malformed packet trace file ...