7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.1 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.2%
Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.10 and 2.2.0 to 2.2.4. Malicious users can exploit these vulnerabilities possibly to cause a denial of service.
Below is a complete list of vulnerabilities:
Technical details
Vulnerability (1) was found in epan/dissectors/packet-ldss.c when checking that memory allocation is done for a certain data structure.
Vulnerability (2) was found in epan/dissectors/packet-iax2.c when making constraints to packet lateness.
Vulnerability (3) was found in epan/dissectors/packet-wsp.c when validating the capability length.
Vulnerability (4) was found in epan/dissectors/packet-rtmpt.c when accurately incrementing a certain sequence value.
Vulnerability (5) was found in wiretap/k12.c when validating the relationships between offsets and lengths.
Vulnerability (6) was found in wiretap/netscaler.c when validating record sizes and changing the file size restrictions.
Vulnerability (7) was found in wiretap/netscaler.c when validating the relationship between records and pages.
CVE-2017-6472 warning
CVE-2017-6473 warning
CVE-2017-6474 warning
CVE-2017-6467 warning
CVE-2017-6468 warning
CVE-2017-6469 warning
CVE-2017-6470 critical
CVE-2017-6471 warning
Update to the latest version
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
statistics.securelist.com/
threats.kaspersky.com/en/product/Wireshark/
www.wireshark.org/security/wnpa-sec-2017-03.html
www.wireshark.org/security/wnpa-sec-2017-04.html
www.wireshark.org/security/wnpa-sec-2017-05.html
www.wireshark.org/security/wnpa-sec-2017-07.html
www.wireshark.org/security/wnpa-sec-2017-08.html
www.wireshark.org/security/wnpa-sec-2017-09.html
www.wireshark.org/security/wnpa-sec-2017-10.html
www.wireshark.org/security/wnpa-sec-2017-11.html
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.1 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.2%