[Secure-testing-team] Bug#855408: wireshark: CVE-2017-6014: crafted or malformed STANAG 4607 capture file will cause an infinite loop
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 17 15:38:46 UTC 2017
Source: wireshark
Version: 2.2.4+gcc3dc1b-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
Hi,
the following vulnerability was published for wireshark.
CVE-2017-6014[0]:
| In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607
| capture file will cause an infinite loop and memory exhaustion. If the
| packet size field in a packet header is null, the offset to read from
| will not advance, causing continuous attempts to read the same zero
| length packet. This will quickly exhaust all system memory.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6014
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list