Debian Wireshark vulnerabilities

CVE-2017-6471 [HIGH] CVE-2017-6471: wireshark - In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, t... In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. Scope: local bookworm: resolved (fixed in 2.2.5+g440fd4d-2) bullseye: resolved (fixed in 2.2.5+g440fd4d-2) forky: resolved (fixed in 2.2.5+g44

CVE-2017-13764 [HIGH] CVE-2017-13764: wireshark - In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer derefer... In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. Scope: local bookworm: resolved (fixed in 2.4.1-1) bullseye: resolved (fixed in 2.4.1-1) forky: resolved (fixed in 2.4.1-1) sid: resolved (fixed in 2.4.1-1) trixie: resolved (fixed in 2.4.1-1)

CVE-2017-9348 [HIGH] CVE-2017-9348: wireshark - In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buff... In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. Scope: local bookworm: resolved (fixed in 2.2.7-1) bullseye: resolved (fixed in 2.2.7-1) forky: resolved (fixed in 2.2.7-1) sid: resolved (fixed in 2.2.7-1) trixie: resolved (fixed in 2.2.7-1)

CVE-2017-11406 [HIGH] CVE-2017-11406: wireshark - In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go i... In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. Scope: local bookworm: resolved (fixed in 2.4.0-1) bullseye: resolved (fixed in 2.4.0-1) forky: resolved (fixed in 2.4.0-1) sid: resolved (fixed in 2.4.0-1) t

CVE-2017-7704 [HIGH] CVE-2017-7704: wireshark - In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, t... In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. Scope: local bookworm: resolved (fixed in 2.2.6+g32dac6a-1) bullseye: resolved (fixed in 2.2.6+g32dac6a-1) for

CVE-2017-17997 [HIGH] CVE-2017-17997: wireshark - In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and cras... In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. Scope: local bookworm: resolved (fixed in 2.4.0-1) bullseye: resolved (fixed in 2.4.0-1) forky: resolved (fixed in 2.4.0-1) sid: resolved (fixed in

CVE-2017-6474 [HIGH] CVE-2017-6474: wireshark - In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parse... In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. Scope: local bookworm: resolved (fixed in 2.2.5+g440fd4d-2) bullseye: resolved (fixed in 2.2.5+g440fd4d-2) forky: resolved (fixed in 2.2.5+g440fd4d-2) sid: resolv

CVE-2017-6470 [HIGH] CVE-2017-6470: wireshark - In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop,... In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. Scope: local bookworm: resolved (fixed in 2.2.5+g440fd4d-2) bullseye: resolved (fixed in 2.2.5+g440fd4d-2) forky: resolved (fixed in 2.2.5+g440

CVE-2017-7701 [HIGH] CVE-2017-7701: wireshark - In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into... In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. Scope: local bookworm: resolved (fixed in 2.2.6+g32dac6a-1) bullseye: resolved (fixed in 2.2.6+g32dac6a-1) forky: resol

CVE-2017-15192 [HIGH] CVE-2017-15192: wireshark - In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash... In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. Scope: local bookworm: resolved (fixed in 2.4.2-1) bullseye: resolved (fixed in 2.4.2-1) forky: resolved (fixed in 2.4.2-1) sid: resolved (

CVE-2017-15189 [HIGH] CVE-2017-15189: wireshark - In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop... In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. Scope: local bookworm: resolved (fixed in 2.4.2-1) bullseye: resolved (fixed in 2.4.2-1) forky: resolved (fixed in 2.4.2-1) sid: resolved (fixed in 2.4.2-1) trixie: resolved (fixed in 2.4.2-1)

CVE-2017-7746 [HIGH] CVE-2017-7746: wireshark - In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go int... In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. Scope: local bookworm: resolved (fixed in 2.2.6+g32dac6a-1) bullseye: resolved (fixed in 2.2.6+g32dac6a-1) forky:

CVE-2017-9352 [HIGH] CVE-2017-9352: wireshark - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go i... In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. Scope: local bookworm: resolved (fixed in 2.2.7-1) bullseye: resolved (fixed in 2.2.7-1) forky: resolved (fixed in 2.2.7-1) sid: resolved (fixed in 2.2.7-1) trixie: r

CVE-2017-9346 [HIGH] CVE-2017-9346: wireshark - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go... In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. Scope: local bookworm: resolved (fixed in 2.2.7-1) bullseye: resolved (fixed in 2.2.7-1) forky: resolved (fixed in 2.2.7-1) sid: resolved (fixed in 2.2.7-1) trixie: resolved (

CVE-2017-9353 [HIGH] CVE-2017-9353: wireshark - In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed ... In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. Scope: local bookworm: resolved (fixed in 2.2.7-1) bullseye: resolved (fixed in 2.2.7-1) forky: resolved (fixed in 2.2.7-1) sid: resolved (fixed in 2.2.7-1) trixie: resolved (fixed in 2.2.7-1)

CVE-2017-7748 [HIGH] CVE-2017-7748: wireshark - In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into... In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. Scope: local bookworm: resolved (fixed in 2.2.6+g32dac6a-1) bullseye: resolved (fixed in 2.2.6+g32dac6a-1) forky: resolved (fixed in

CVE-2017-9350 [HIGH] CVE-2017-9350: wireshark - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could ... In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. Scope: local bookworm: resolved (fixed in 2.2.7-1) bullseye: resolved (fixed in 2.2.7-1) forky: resolved (fixed in 2.2.7-1) sid: resolved (fixed in 2.2.7-1) trixie

CVE-2017-9343 [HIGH] CVE-2017-9343: wireshark - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a N... In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. Scope: local bookworm: resolved (fixed in 2.2.7-1) bullseye: resolved (fixed in 2.2.7-1) forky: resolved (fixed in 2.2.7-1) sid: resolved (fixed in 2.2.7-1) trixie: resolved (fixed in 2.2.7-1

CVE-2017-7700 [MEDIUM] CVE-2017-7700: wireshark - In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could... In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. Scope: local bookworm: resolved (fixed in 2.2.6+g32dac6a-1) bullseye: resolved (fixed in 2.2.6+g32dac6a-1) forky: resolved (fixed in 2.2.6+g32d

CVE-2017-9766 [HIGH] CVE-2017-9766: wireshark - In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote a... In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. Scope: local bookworm: resolved (fixed in 2.4.0-1) bullseye: resolved (fixed in 2.4.0-1) forky: resolved (fixed in 2.4.0-1) sid: resolved (fixed in 2.4.