CVE-2017-7702Infinite Loop in Wireshark

CWE-835Infinite LoopCWE-20Improper Input Validation13 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WiresharkDebian Wireshark
Timeline
PublishedApr 12
Latest updateMay 13

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/wireshark< wireshark 2.4.0-1 (bookworm)+1
Debianwireshark/wireshark< 2.4.0-1+7
NVDwireshark/wireshark22 versions+21

Patches

Patch: bugs.wireshark.orgPatch: bugs.wireshark.org

🔴Vulnerability Details

4
GHSA
GHSA-87f4-45wv-qprf: In Wireshark 22022-05-13
GHSA
GHSA-x5hh-chcp-7jv5: In Wireshark through 22022-05-13
OSV
CVE-2017-11410: In Wireshark through 22017-07-18
OSV
CVE-2017-7702: In Wireshark 22017-04-12

💥Exploits & PoCs

1
Exploit-DB
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities2018-03-13

📋Vendor Advisories

4
Red Hat
wireshark: WBXML dissector infinite loop (wnpa-sec-2017-13)2017-04-12
Red Hat
wireshark: WBXML dissector infinite loop (wnpa-sec-2017-13)2017-04-12
Debian
CVE-2017-11410: wireshark - In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could g...2017
Debian
CVE-2017-7702: wireshark - In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go in...2017

💬Community

2
Bugzilla
CVE-2017-11410 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 wireshark: various flaws [fedora-all]2017-04-13
Bugzilla
CVE-2017-7702 CVE-2017-11410 wireshark: WBXML dissector infinite loop (wnpa-sec-2017-13)2017-04-13