Vulnerability Description
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
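The non-advancing read described above is prevented by validating the size field before it is used to move the offset. The following C code is an added example, not Wireshark's code or its patch; the 4-byte big-endian size prefix, the name `walk_records` and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for illustration only (not the real STANAG 4607 header):
 * every record begins with a 4-byte big-endian size covering the whole
 * record, header included. */
#define REC_HDR_SIZE 4u

enum { WALK_TRUNCATED = -1, WALK_BAD_SIZE = -2 };

/* Constructed sample inputs. */
static const uint8_t sample_good[]  = { 0,0,0,6,'a','b',  0,0,0,4 };
static const uint8_t sample_zero[]  = { 0,0,0,6,'a','b',  0,0,0,0,  0,0 };
static const uint8_t sample_short[] = { 0,0,0,9,'a' };

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns the number of complete records, or a negative WALK_* error. */
long walk_records(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    long count = 0;
    while (off < len) {
        if (len - off < REC_HDR_SIZE)
            return WALK_TRUNCATED;      /* not enough bytes for a header */
        uint32_t size = read_be32(buf + off);
        /* Without this check, size == 0 leaves off unchanged and the loop
         * re-reads the same header forever. */
        if (size < REC_HDR_SIZE)
            return WALK_BAD_SIZE;
        if (size > len - off)
            return WALK_TRUNCATED;      /* record claims more than remains */
        off += size;                    /* advances by >= REC_HDR_SIZE */
        count++;
    }
    return count;
}

int main(void)
{
    printf("zero-size sample -> %ld\n",
           walk_records(sample_zero, sizeof sample_zero));
    return 0;
}
```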
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wireshark | Wireshark | <= 2.2.4 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-3811 (Third Party Advisory)
- http://www.securityfocus.com/bid/96284 (Third Party Advisory, VDB Entry)
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416 (Issue Tracking, Vendor Advisory)
- https://security.gentoo.org/glsa/201706-12 (Third Party Advisory)
FAQ
What is CVE-2017-6014?
CVE-2017-6014 is a vulnerability with a CVSS score of 7.5 (HIGH). In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to re...
How severe is CVE-2017-6014?
CVE-2017-6014 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-6014?
Check the references section above for vendor advisories and patch information. Affected products include: Wireshark Wireshark, Debian Debian Linux.