Test ID:	1.3.6.1.4.1.25623.1.0.811596
Category:	Denial of Service
Title:	Wireshark 'IrCOMM' And 'MSDP' Dissectors DoS Vulnerabilities - Windows
Summary:	Wireshark is prone to multiple denial of service vulnerabilities.
Description:	Summary: Wireshark is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Missing length validation in 'epan/dissectors/packet-msdp.c' so that the MSDP dissector could go into an infinite loop. - Missing length validation in 'plugins/irda/packet-ircomm.c' so that the IrCOMM dissector could read past the end of a buffer. Vulnerability Impact: Successful exploitation will allow attackers to make Wireshark crash and also consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected Software/OS: Wireshark version 2.4.0, 2.2.0 to 2.2.8, 2.0.0 to 2.0.14 on Windows. Solution: Upgrade to Wireshark version 2.4.1 or 2.2.9 or 2.0.15 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-13765 BugTraq ID: 100551 http://www.securityfocus.com/bid/100551 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html http://www.securitytracker.com/id/1039254 Common Vulnerability Exposure (CVE) ID: CVE-2017-13767 BugTraq ID: 100549 http://www.securityfocus.com/bid/100549
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.