Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6113 — Infinite Loop in Wireshark

CWE-189 CWE-835 — Infinite Loop8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

8.6%

top 7.54%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedNov 23

Latest updateMay 1

Description

Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 0.99.6pre1-1 (bookworm)

▶Debianwireshark/wireshark< 0.99.6pre1-1+3

▶NVDwireshark/wireshark32 versions+31

Patches

Patch: www.securityfocus.com ↗Patch: www.wireshark.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7pf5-64wg-qq2g: Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0↗2022-05-01

▶

OSV

CVE-2007-6113: Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0↗2007-11-23

▶

💥Exploits & PoCs

Exploit-DB

Wireshark < 0.99.5 - DNP3 Dissector Infinite Loop↗2007-08-31

▶

📋Vendor Advisories

Red Hat

wireshark DNP3 flaws↗2007-11-22

▶

Red Hat

Infinite loop in wireshark's DNP3 dissector↗2007-09-04

▶

Debian

CVE-2007-6113: wireshark - Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) ...↗2007

▶

💬Community

Bugzilla

CVE-2007-6113 wireshark DNP3 flaws↗2007-11-23

▶