var-201708-1254
Vulnerability from variot
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. Wireshark Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Wireshark is a suite of network packet analysis software developed by the Wireshark team. The Wireshark Profinet I/O parser has a security vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. An attacker can leverage this issue to crash the affected application, denying service to legitimate users. Wireshark 2.4.0 and 2.2.0 through 2.2.8 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4060-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2017 https://www.debian.org/security/faq
Package : wireshark CVE ID : CVE-2017-11408 CVE-2017-13766 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.
For the oldstable distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u12.
For the stable distribution (stretch), these problems have been fixed in version 2.2.6+g32dac6a-2+deb9u1.
We recommend that you upgrade your wireshark packages.
For the detailed security status of wireshark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wireshark
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlorzcgACgkQEMKTtsN8 Tjbdrg//TwdPY0X/BByo9yCHBaDJiTjq5YtIW5QY3BpPreFH2vlJnF/xCPc2C01y XmIOfRmSn17750SI459dUnovaD8OA51lexYWHbCesTdw/9eXSazssYitckUwOSnz CTx+tp9XqXMrZuDQOdFXqItnZ2nr5K0xTSHVu1lmkJL4C4waItkefEpQHwolKQaH tMdEWd2jM/jjm+dU9Dlo+6pghZdPNXzawzm7273Ca8gwGkGt4SCf/s9ruhJc113c hgQ8NzdASNdvnj28o9dQ0V9ooUxq6SEItSOCMXeq+P+Qfk1RTqT83SOZtEdGmtol yFMenLaVeoNzrrDTSNJuXeGPwJFOFcKY5la5ob3+pae4F+mAmyd7CVMsXVLhiVf8 CS6sGnsyaXugTXQKsfG2l9d5chfMJ/Qj1iAzY0gn2Jt6zOc5sROVvG/ItT6U2vF1 WiUPVULyUdHR1cFdDudA04fQaeY+PzDj0TJ7/iRAT0evK6lp405Yhz0mz6Ro2b3K eQfuF7aLVKYOLEqvjdnEZV1cFAYyySEMPXsxWS9sKyWzImKsOIEBFzTMDglMoZd8 1TMgvr+WCRmpp5XMldIoDNydUkmMdeGQcEtUH4kKWdOs/RRC3218GwtYaJ10WfwX 7rSSoViG1VSG/HPXRY++S8GLSe6aRE0ABfP9stsY2HKheKcXowA= =JKbF -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1254",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireshark",
"scope": "eq",
"trust": 3.0,
"vendor": "wireshark",
"version": "2.4.0"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.7"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.6"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.5"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.4"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.3"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.2"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.1"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.6,
"vendor": "wireshark",
"version": "2.0.13"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.6,
"vendor": "wireshark",
"version": "2.2.0"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.6"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.1"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.4"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.8"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.9"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.11"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.10"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.3"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.2"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.0"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.5"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.12"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.7"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 0.8,
"vendor": "wireshark",
"version": "2.2.0 to 2.2.8"
},
{
"model": "wireshark",
"scope": "gte",
"trust": 0.6,
"vendor": "wireshark",
"version": "2.2.0,\u003c=2.2.8"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.4"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.2.8"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.2"
},
{
"model": "wireshark",
"scope": "ne",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.4.1"
},
{
"model": "wireshark",
"scope": "ne",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.4.0"
}
],
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wireshark:wireshark",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ulf33286",
"sources": [
{
"db": "BID",
"id": "100542"
}
],
"trust": 0.3
},
"cve": "CVE-2017-13766",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-13766",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-30755",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-13766",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13766",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-13766",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-30755",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1295",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-13766",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. Wireshark Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Wireshark is a suite of network packet analysis software developed by the Wireshark team. The Wireshark Profinet I/O parser has a security vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. \nAn attacker can leverage this issue to crash the affected application, denying service to legitimate users. \nWireshark 2.4.0 and 2.2.0 through 2.2.8 are vulnerable. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4060-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 09, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nCVE ID : CVE-2017-11408 CVE-2017-13766 CVE-2017-17083 CVE-2017-17084 \n CVE-2017-17085\n\nIt was discovered that wireshark, a network protocol analyzer, contained\nseveral vulnerabilities in the dissectors for CIP Safety, IWARP_MPA,\nNetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the\nexecution of arbitrary code. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1.12.1+g01b65bf-4+deb8u12. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.2.6+g32dac6a-2+deb9u1. \n\nWe recommend that you upgrade your wireshark packages. \n\nFor the detailed security status of wireshark please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wireshark\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlorzcgACgkQEMKTtsN8\nTjbdrg//TwdPY0X/BByo9yCHBaDJiTjq5YtIW5QY3BpPreFH2vlJnF/xCPc2C01y\nXmIOfRmSn17750SI459dUnovaD8OA51lexYWHbCesTdw/9eXSazssYitckUwOSnz\nCTx+tp9XqXMrZuDQOdFXqItnZ2nr5K0xTSHVu1lmkJL4C4waItkefEpQHwolKQaH\ntMdEWd2jM/jjm+dU9Dlo+6pghZdPNXzawzm7273Ca8gwGkGt4SCf/s9ruhJc113c\nhgQ8NzdASNdvnj28o9dQ0V9ooUxq6SEItSOCMXeq+P+Qfk1RTqT83SOZtEdGmtol\nyFMenLaVeoNzrrDTSNJuXeGPwJFOFcKY5la5ob3+pae4F+mAmyd7CVMsXVLhiVf8\nCS6sGnsyaXugTXQKsfG2l9d5chfMJ/Qj1iAzY0gn2Jt6zOc5sROVvG/ItT6U2vF1\nWiUPVULyUdHR1cFdDudA04fQaeY+PzDj0TJ7/iRAT0evK6lp405Yhz0mz6Ro2b3K\neQfuF7aLVKYOLEqvjdnEZV1cFAYyySEMPXsxWS9sKyWzImKsOIEBFzTMDglMoZd8\n1TMgvr+WCRmpp5XMldIoDNydUkmMdeGQcEtUH4kKWdOs/RRC3218GwtYaJ10WfwX\n7rSSoViG1VSG/HPXRY++S8GLSe6aRE0ABfP9stsY2HKheKcXowA=\n=JKbF\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "PACKETSTORM",
"id": "145369"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13766",
"trust": 3.7
},
{
"db": "BID",
"id": "100542",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039254",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2017-30755",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387",
"trust": 0.8
},
{
"db": "IVD",
"id": "0255AA7B-2BD4-4EED-AA31-3973E910869E",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-13766",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145369",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "PACKETSTORM",
"id": "145369"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"id": "VAR-201708-1254",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
}
]
},
"last_update_date": "2024-11-23T22:12:58.435000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PNIO: Fix another potential OOB write.",
"trust": 0.8,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e"
},
{
"title": "Fix potential oob write crashes",
"trust": 0.8,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc"
},
{
"title": "Bug 13847",
"trust": 0.8,
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847"
},
{
"title": "wnpa-sec-2017-39",
"trust": 0.8,
"url": "https://www.wireshark.org/security/wnpa-sec-2017-39.html"
},
{
"title": "Patch for Wireshark Profinet I/O Parser Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/104164"
},
{
"title": "Wireshark Profinet I/O Remediation measures for resolver security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74464"
},
{
"title": "Red Hat: CVE-2017-13766",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-13766"
},
{
"title": "Debian Security Advisories: DSA-4060-1 wireshark -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9fa9c0d441399d6fc65360f421999159"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.wireshark.org/security/wnpa-sec-2017-39.html"
},
{
"trust": 2.0,
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13766"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/100542"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039254"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2017/dsa-4060"
},
{
"trust": 1.0,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3ba=commit%3bh=2096bc1e5078732543e0a3ee115a2ce520a72bbc"
},
{
"trust": 1.0,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3ba=commit%3bh=af7b093ca528516c14247acb545046199d30843e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13766"
},
{
"trust": 0.7,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e"
},
{
"trust": 0.7,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc"
},
{
"trust": 0.3,
"url": "http://www.wireshark.org/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-13766"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11408"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17083"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wireshark"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17084"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "PACKETSTORM",
"id": "145369"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "PACKETSTORM",
"id": "145369"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-20T00:00:00",
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"date": "2017-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100542"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"date": "2017-12-12T05:29:06",
"db": "PACKETSTORM",
"id": "145369"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"date": "2017-08-30T09:29:00.497000",
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"date": "2017-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100542"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"date": "2017-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"date": "2024-11-21T03:11:37.520000",
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wireshark Profinet I/O Parser Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…