CVE-2017-6014
HIGHWireshark < 2.2.4 - Denial of Service via STANAG 4607 Capture File
Title source: llmDescription
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96284
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201706-12
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3811
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
Scores
CVSS v3
7.5
EPSS
0.0294
EPSS Percentile
85.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (2)
debian/debian_linux
8.0
wireshark/wireshark
< 2.2.4
Published
Feb 17, 2017
Tracked Since
Feb 18, 2026