- CVEs with nessus.description==The version of Wireshark installed on the remote Windows host is 2.0.x
prior to 2.0.14 or 2.2.x prior to 2.2.8. It is, therefore, affected by
multiple denial of service vulnerabilities:
- A denial of service vulnerability exists in the DAAP
dissector, specifically in the dissect_daap_one_tag()
function within file epan/dissectors/packet-daap.c. An
unauthenticated, remote attacker can exploit this to
exhaust stack resources through uncontrolled recursion.
(CVE-2017-9617)
- An infinite loop condition exists in the DOCSIS
dissector, specifically in the dissect_docsis() function
within file plugins/docsis/packet-docsis.c. An
unauthenticated, remote attacker can exploit this, via a
specially crafted packet or packet trace, to consume
available CPU resources, resulting in a denial of
service condition. (CVE-2017-11406)
- A memory allocation issue exists in the MQ dissector,
specifically in the reassemble_mq() function within file
epan/dissectors/packet-mq.c, due to improper validation
of fragment lengths before attempting reassembly. An
unauthenticated, remote attacker can exploit this, via a
specially crafted packet or packet trace, to cause a
denial of service condition. (CVE-2017-11407)
- A flaw exists in the AMQP dissector, specifically in
the get_amqp_1_0_value_formatter() function within file
epan/dissectors/packet-amqp.c, when decoding lists.
An unauthenticated, remote attacker can exploit this,
via a specially crafted packet or packet trace, to cause
a stack overflow, resulting in a denial of service
condition. (CVE-2017-11408)
- A large loop condition exists in the GPRS LLC dissector,
specifically in the llc_gprs_dissect_xid() function
within file epan/dissectors/packet-gprs-llc.c, when
handling specially crafted packet or trace files. An
unauthenticated, remote attacker can exploit this to
cause a denial of service condition. Note that this
issue only applies to version 2.0.x. (CVE-2017-11409)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |