SB2017110306 - Denial of service in Wireshark

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017110306

SB2017110306 - Denial of service in Wireshark

Published: November 3, 2017

Security Bulletin ID SB2017110306
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2017-15192)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet onto the wire or convince the victim into reading a malformed packet trace file and cause the Bluetooth Attribute Protocol dissector to crash.

2) Improper input validation (CVE-ID: CVE-2017-15193)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet onto the wire or convince the victim into reading a malformed packet trace file and cause the MBIM dissector to crash.

3) Improper input validation (CVE-ID: CVE-2017-15191)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet onto the wire or convince the victim into reading a malformed packet trace file and cause the DMP dissector to crash.

4) Improper input validation (CVE-ID: CVE-2017-15189)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an infinite loop. A remote attacker can inject a malformed packet onto the wire or convince the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the DOCSIS dissector to crash.

5) Improper input validation (CVE-ID: CVE-2017-15190)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet onto the wire or convince the victim into reading a malformed packet trace file and cause the RTSP dissector to crash.

Remediation

Install update from vendor's website.

References