CVE-2017-6014 — Infinite Loop in Wireshark

CWE-835 — Infinite Loop CWE-400 — Uncontrolled Resource Consumption7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 37.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Debian Linux

Timeline

PublishedFeb 17

Latest updateMay 13

Description

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.2.5+g440fd4d-2 (bookworm)

▶Debianwireshark/wireshark< 2.2.5+g440fd4d-2+3

▶NVDwireshark/wireshark2.2.4

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-8q6q-3849-7cm3: In Wireshark 2↗2022-05-13

▶

OSV

CVE-2017-6014: In Wireshark 2↗2017-02-17

▶

📋Vendor Advisories

Red Hat

wireshark: Memory exhaustion/infinite loop via malformed STANAG 4607 capture file↗2017-02-16

▶

Debian

CVE-2017-6014: wireshark - In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file ...↗2017

▶

💬Community

Bugzilla

CVE-2017-6014 wireshark: Memory exhaustion/infinite loop via malformed STANAG 4607 capture file↗2017-02-21

▶

Bugzilla

CVE-2017-6014 wireshark: Memory exhaustion/infinite loop via malformed STANAG 4607 capture file [fedora-all]↗2017-02-21

▶