Denial of Service : Wireshark Multiple Denial-of-Service Vulnerabilities-02 (Jun 2017)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.811072

Categoría: Denial of Service

Título: Wireshark Multiple Denial-of-Service Vulnerabilities-02 (Jun 2017) - Windows

Resumen: Wireshark is prone to multiple vulnerabilities.

Descripción: Summary:
Wireshark is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An error in the epan/dissectors/packet-ipv6.c script within the IPv6
dissector which could crash.

- An error in the epan/dissectors/asn1/ros/packet-ros-template.c script within
the ROS dissector which could crash with a NULL pointer dereference.

- An error in the epan/dissectors/packet-dof.c script within the DOF dissector
which could read past the end of a buffer.

Vulnerability Impact:
Successful exploitation will allow attacker
to crash wireshark and result in denial-of-service condition.

Affected Software/OS:
Wireshark version 2.2.0 through 2.2.6
on Windows

Solution:
Upgrade to Wireshark version 2.2.7 or
later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-9348
BugTraq ID: 98801
http://www.securityfocus.com/bid/98801
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1151
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7fe55f96672b7bf2b4ceb9ae039a0f43eddd3151
https://www.wireshark.org/security/wnpa-sec-2017-23.html
http://www.securitytracker.com/id/1038612
Common Vulnerability Exposure (CVE) ID: CVE-2017-9347
BugTraq ID: 98800
http://www.securityfocus.com/bid/98800
https://www.exploit-db.com/exploits/42124/
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1216
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=278e52f26e7e1a23f8d2e8ed98693328c992bdce
https://www.wireshark.org/security/wnpa-sec-2017-31.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-9353
BugTraq ID: 98805
http://www.securityfocus.com/bid/98805
https://www.exploit-db.com/exploits/42123/
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1303
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b2d475c2ad550c1a0f536d5eb30f2a7404c4f0
https://www.wireshark.org/security/wnpa-sec-2017-33.html

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.811072
Categoría:	Denial of Service
Título:	Wireshark Multiple Denial-of-Service Vulnerabilities-02 (Jun 2017) - Windows
Resumen:	Wireshark is prone to multiple vulnerabilities.
Descripción:	Summary: Wireshark is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An error in the epan/dissectors/packet-ipv6.c script within the IPv6 dissector which could crash. - An error in the epan/dissectors/asn1/ros/packet-ros-template.c script within the ROS dissector which could crash with a NULL pointer dereference. - An error in the epan/dissectors/packet-dof.c script within the DOF dissector which could read past the end of a buffer. Vulnerability Impact: Successful exploitation will allow attacker to crash wireshark and result in denial-of-service condition. Affected Software/OS: Wireshark version 2.2.0 through 2.2.6 on Windows Solution: Upgrade to Wireshark version 2.2.7 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-9348 BugTraq ID: 98801 http://www.securityfocus.com/bid/98801 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1151 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7fe55f96672b7bf2b4ceb9ae039a0f43eddd3151 https://www.wireshark.org/security/wnpa-sec-2017-23.html http://www.securitytracker.com/id/1038612 Common Vulnerability Exposure (CVE) ID: CVE-2017-9347 BugTraq ID: 98800 http://www.securityfocus.com/bid/98800 https://www.exploit-db.com/exploits/42124/ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1216 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=278e52f26e7e1a23f8d2e8ed98693328c992bdce https://www.wireshark.org/security/wnpa-sec-2017-31.html Common Vulnerability Exposure (CVE) ID: CVE-2017-9353 BugTraq ID: 98805 http://www.securityfocus.com/bid/98805 https://www.exploit-db.com/exploits/42123/ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1303 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b2d475c2ad550c1a0f536d5eb30f2a7404c4f0 https://www.wireshark.org/security/wnpa-sec-2017-33.html
Copyright	Copyright (C) 2017 Greenbone AG