CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
CVSS3: 7.5 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
EPSS: 0.002 Low
Percentile: 64.5%
Severity: Medium
Date: 2017-10-12
CVE-ID: CVE-2017-15189 CVE-2017-15190 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193
Package: wireshark-cli
Type: denial of service
Remote: Yes
Link: https://security.archlinux.org/AVG-440
The package wireshark-cli before version 2.4.2-1 is vulnerable to
denial of service.
Upgrade to 2.4.2-1.
The problems have been fixed upstream in version 2.4.2.
Workaround: None.
An infinite loop flaw has been discovered in the DOCSIS dissector of
Wireshark before 2.4.2, leading to excessive consumption of CPU resources
by injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file.
A stack pointer use-after-scope flaw has been discovered in the RTSP
dissector of Wireshark before 2.4.2, leading to an application crash by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.
A length check flaw has been discovered in the BT ATT dissector of
Wireshark before 2.4.2 when 7-bit strings were decoded, leading to an
application crash by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.
A flaw has been discovered in the BT ATT dissector of Wireshark before
2.4.2, leading to an application crash by injecting a malformed packet
onto the wire or by convincing someone to read a malformed packet trace
file.
A flaw has been discovered in the MBIM dissector of Wireshark before
2.4.2 when pre-sizing wmem arrays, leading to resource consumption
and an application crash by injecting a malformed packet onto the wire or
by convincing someone to read a malformed packet trace file.
A remote attacker might be able to crash Wireshark by injecting a
malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.
http://seclists.org/wireshark/2017/Oct/27
https://www.wireshark.org/security/wnpa-sec-2017-46.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
https://code.wireshark.org/review/#/c/23663/
https://www.wireshark.org/security/wnpa-sec-2017-45.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077
https://code.wireshark.org/review/#/c/23635/
https://www.wireshark.org/security/wnpa-sec-2017-44.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068
https://code.wireshark.org/review/#/c/23591/
https://www.wireshark.org/security/wnpa-sec-2017-42.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049
https://code.wireshark.org/review/#/c/23470/
https://www.wireshark.org/security/wnpa-sec-2017-43.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056
https://code.wireshark.org/review/#/c/23537/
https://security.archlinux.org/CVE-2017-15189
https://security.archlinux.org/CVE-2017-15190
https://security.archlinux.org/CVE-2017-15191
https://security.archlinux.org/CVE-2017-15192
https://security.archlinux.org/CVE-2017-15193
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | wireshark-cli | < 2.4.2-1 | UNKNOWN |