Debian Wireshark vulnerabilities

694 known vulnerabilities affecting debian/wireshark.

Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281

Vulnerabilities

Page 12 of 35
CVE-2017-17935 | HIGH | CVSS 7.5 | fixed in wireshark 2.4.4-1 (bookworm) | 2017
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
Scope: local; bookworm: resolved (fixed in 2.4.4-1); bullseye: res
debian
CVE-2017-13767 | HIGH | CVSS 7.5 | fixed in wireshark 2.4.1-1 (bookworm) | 2017
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.
Scope: local; bookworm: resolved (fixed in 2.4.1-1); bullseye: resolved (fixed in 2.4.1-1); forky: resolved (fixed in 2.4.1-1); sid: resolved (fixed in 2.4.1-1); trixie: resolved (fi
debian
CVE-2017-5597 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.4+gcc3dc1b-1 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.
Scope: local; bookworm: resolved (fixed in 2.2.4+gcc3dc1b-1); bullseye: resolved (fixed in 2.2.4+gcc3dc1b-
debian
CVE-2017-6014 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.5+g440fd4d-2 (bookworm) | 2017
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
Scope: local; bookworm: resolved
debian
CVE-2017-7705 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.6+g32dac6a-1 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.
Scope: local; bookworm: resolved (fixed in 2.2.6+g32dac6a-1); bullseye: resolved (fixed
debian
CVE-2017-5596 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.4+gcc3dc1b-1 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.
Scope: local; bookworm: resolved (fixed in 2.2.4+gcc3dc1b-1); bullseye: resolved (fixed in 2.2.4+gcc
debian
CVE-2017-11410 | HIGH | CVSS 7.5 | fixed in wireshark 2.4.0-1 (bookworm) | 2017
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702
debian
CVE-2017-17084 | HIGH | CVSS 7.5 | fixed in wireshark 2.4.3-1 (bookworm) | 2017
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
Scope: local; bookworm: resolved (fixed in 2.4.3-1); bullseye: resolved (fixed in 2.4.3-1); forky: resolved (fixed in 2.4.3-1); sid: resolved (fixed in 2.4.3-1); trixie: resolved (fixed in 2.4.3-1)
debian
CVE-2017-17085 | HIGH | CVSS 7.5 | PoC | fixed in wireshark 2.4.3-1 (bookworm) | 2017
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
Scope: local; bookworm: resolved (fixed in 2.4.3-1); bullseye: resolved (fixed in 2.4.3-1); forky: resolved (fixed in 2.4.3-1); sid: resolved (fixed in 2.4.3-1); trixie: resolved (fixed in 2.4.3
debian
CVE-2017-6469 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.5+g440fd4d-2 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure.
Scope: local; bookworm: resolved (fixed in 2.2.5+g440fd4d-2); bullseye: resolved (fixed in 2.2.5+g440fd4d-2)
debian
CVE-2017-11411 | HIGH | CVSS 7.5 | fixed in wireshark 2.4.0-1 (bookworm) | 2017
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.
Scope: local; bookworm: resolved (fixed in 2.4.0-1); bullseye: resolved (fixed in 2.4
debian
CVE-2017-7747 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.6+g32dac6a-1 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.
Scope: local; bookworm: resolved (fixed in 2.2.6+g32dac6a-1); bullseye: resolved (fixed in 2.2.6+g32dac6a-1); forky: resolve
debian
CVE-2017-9347 | HIGH | CVSS 7.5 | PoC | fixed in wireshark 2.2.7-1 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
Scope: local; bookworm: resolved (fixed in 2.2.7-1); bullseye: resolved (fixed in 2.2.7-1); forky: resolved (fixed in 2.2.7-1); sid: resolved (fixed in 2.2.7-1); trixie: resolved (fixed in 2
debian
CVE-2017-6472 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.5+g440fd4d-2 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value.
Scope: local; bookworm: resolved (fixed in 2.2.5+g440fd4d-2); bullseye: resolved (fixed in 2.2.5+g440fd4d-2); forky:
debian
CVE-2017-9354 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.7-1 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
Scope: local; bookworm: resolved (fixed in 2.2.7-1); bullseye: resolved (fixed in 2.2.7-1); forky: resolved (fixed in 2.2.7-1); sid: resolved (fixed in 2.2.7-1); trixie: resolved (fixed in 2.2.7-1)
debian
CVE-2017-17083 | HIGH | CVSS 7.5 | fixed in wireshark 2.4.3-1 (bookworm) | 2017
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
Scope: local; bookworm: resolved (fixed in 2.4.3-1); bullseye: resolved (fixed in 2.4.3-1); forky: resolved (fixed in 2.4.3-1); sid: resolved (fixed in 2.4
debian
CVE-2017-6468 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.5+g440fd4d-2 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.
Scope: local; bookworm: resolved (fixed in 2.2.5+g440fd4d-2); bullseye: resolved (fixed in 2.2.5+g440fd4d-2); forky: resolved (fixed in 2.2.5+g
debian
CVE-2017-13766 | HIGH | CVSS 7.5 | fixed in wireshark 2.4.1-1 (bookworm) | 2017
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.
Scope: local; bookworm: resolved (fixed in 2.4.1-1); bullseye: resolved (fixed in 2.4.1-1); forky: resolved (fixed in 2.4.1-1); sid: resolved (fixed in 2.4.1-1); trixie: reso
debian
CVE-2017-11408 | HIGH | CVSS 7.5 | fixed in wireshark 2.4.0-1 (bookworm) | 2017
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.
Scope: local; bookworm: resolved (fixed in 2.4.0-1); bullseye: resolved (fixed in 2.4.0-1); forky: resolved (fixed in 2.4.0-1); sid: resolved (fixed in 2.4.0-1); trixie: resolved (fixed in 2.4.0
debian
CVE-2017-13765 | HIGH | CVSS 7.5 | fixed in wireshark 2.4.1-1 (bookworm) | 2017
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
Scope: local; bookworm: resolved (fixed in 2.4.1-1); bullseye: resolved (fixed in 2.4.1-1); forky: resolved (fixed in 2.4.1-1); sid: resolved (fixed in 2.4.1-1); trixi
debian