Denial of Service : Wireshark Multiple Denial-of-Service Vulnerabilities-02 June17 (Windows)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.811072

Categoría: Denial of Service

Título: Wireshark Multiple Denial-of-Service Vulnerabilities-02 June17 (Windows)

Resumen: Wireshark is prone to multiple vulnerabilities.

Descripción: Summary:
Wireshark is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An error in the epan/dissectors/packet-ipv6.c script within the IPv6
dissector which could crash.

- An error in the epan/dissectors/asn1/ros/packet-ros-template.c script within
the ROS dissector which could crash with a NULL pointer dereference.

- An error in the epan/dissectors/packet-dof.c script within the DOF dissector
which could read past the end of a buffer.

Vulnerability Impact:
Successful exploitation will allow attacker
to crash wireshark and result in denial-of-service condition.

Affected Software/OS:
Wireshark version 2.2.0 through 2.2.6
on Windows

Solution:
Upgrade to Wireshark version 2.2.7 or
later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: BugTraq ID: 98801
BugTraq ID: 98800
BugTraq ID: 98805
Common Vulnerability Exposure (CVE) ID: CVE-2017-9348
http://www.securityfocus.com/bid/98801
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1151
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7fe55f96672b7bf2b4ceb9ae039a0f43eddd3151
https://www.wireshark.org/security/wnpa-sec-2017-23.html
http://www.securitytracker.com/id/1038612
Common Vulnerability Exposure (CVE) ID: CVE-2017-9347
http://www.securityfocus.com/bid/98800
https://www.exploit-db.com/exploits/42124/
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1216
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=278e52f26e7e1a23f8d2e8ed98693328c992bdce
https://www.wireshark.org/security/wnpa-sec-2017-31.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-9353
http://www.securityfocus.com/bid/98805
https://www.exploit-db.com/exploits/42123/
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1303
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b2d475c2ad550c1a0f536d5eb30f2a7404c4f0
https://www.wireshark.org/security/wnpa-sec-2017-33.html

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.811072
Categoría:	Denial of Service
Título:	Wireshark Multiple Denial-of-Service Vulnerabilities-02 June17 (Windows)
Resumen:	Wireshark is prone to multiple vulnerabilities.
Descripción:	Summary: Wireshark is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An error in the epan/dissectors/packet-ipv6.c script within the IPv6 dissector which could crash. - An error in the epan/dissectors/asn1/ros/packet-ros-template.c script within the ROS dissector which could crash with a NULL pointer dereference. - An error in the epan/dissectors/packet-dof.c script within the DOF dissector which could read past the end of a buffer. Vulnerability Impact: Successful exploitation will allow attacker to crash wireshark and result in denial-of-service condition. Affected Software/OS: Wireshark version 2.2.0 through 2.2.6 on Windows Solution: Upgrade to Wireshark version 2.2.7 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	BugTraq ID: 98801 BugTraq ID: 98800 BugTraq ID: 98805 Common Vulnerability Exposure (CVE) ID: CVE-2017-9348 http://www.securityfocus.com/bid/98801 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1151 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7fe55f96672b7bf2b4ceb9ae039a0f43eddd3151 https://www.wireshark.org/security/wnpa-sec-2017-23.html http://www.securitytracker.com/id/1038612 Common Vulnerability Exposure (CVE) ID: CVE-2017-9347 http://www.securityfocus.com/bid/98800 https://www.exploit-db.com/exploits/42124/ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1216 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=278e52f26e7e1a23f8d2e8ed98693328c992bdce https://www.wireshark.org/security/wnpa-sec-2017-31.html Common Vulnerability Exposure (CVE) ID: CVE-2017-9353 http://www.securityfocus.com/bid/98805 https://www.exploit-db.com/exploits/42123/ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1303 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b2d475c2ad550c1a0f536d5eb30f2a7404c4f0 https://www.wireshark.org/security/wnpa-sec-2017-33.html
Copyright	Copyright (C) 2017 Greenbone Networks GmbH