CVE-2017-9353

HIGH

Wireshark 2.2.0-2.2.6 - Denial of Service in IPv6 Dissector

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9353. PoCs published by OSS-Fuzz.

AI-analyzed exploit summary This exploit triggers a null pointer dereference in Wireshark's IPv6 multicast address handling, leading to a denial-of-service (DoS) condition. The PoC is a malformed pcap file that causes a runtime error in `wsutil/inet_ipv6.h` when processed by TShark.

Description

In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.

Exploits (1)

exploitdb WORKING POC VERIFIED

by OSS-Fuzz · textdosmultiple

https://www.exploit-db.com/exploits/42123

View Code ZIP pw:eip

This exploit triggers a null pointer dereference in Wireshark's IPv6 multicast address handling, leading to a denial-of-service (DoS) condition. The PoC is a malformed pcap file that causes a runtime error in `wsutil/inet_ipv6.h` when processed by TShark.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Wireshark/TShark 2.3.0 (v2.3.0rc0-3369-g2e2ba64b72)

No auth needed

Prerequisites: A vulnerable version of Wireshark/TShark · Ability to provide a malformed pcap file to the target

MITRE ATT&CK