#VU33526 Input validation error in Debian Linux - CVE-2017-11407

Cybersecurity Help s.r.o.

Published: 2017-07-18 | Updated: 2020-08-04

Vulnerability identifier: #VU33526

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-11407

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Debian Linux
Operating systems & Components / Operating system

Vendor: Debian

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Debian Linux: 8.0

External links
https://www.securityfocus.com/bid/99910
https://www.securitytracker.com/id/1038966
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4e54dae7f0d7840836ee6d5ce1e688f152ab2978
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
https://www.wireshark.org/security/wnpa-sec-2017-35.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in wireshark (Alpine package)

Arch Linux update for wireshark-cli

Fedora 26 update for wireshark

Input validation error in Debian Linux