#VU39201 Infinite loop in Wireshark - CVE-2017-7745

Cybersecurity Help s.r.o.

Published: 2017-04-13 | Updated: 2020-08-08

Vulnerability identifier: #VU39201

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-7745

CWE-ID: CWE-835

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Wireshark.org

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Wireshark: 2.0.0 - 2.0.11, 2.2.0 - 2.2.5

External links
https://www.securityfocus.com/bid/97627
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0
https://www.wireshark.org/security/wnpa-sec-2017-20.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Fedora 25 update for wireshark

Multiple vulnerabilities in Wireshark