Vulnerability Details : CVE-2017-6014
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
Products affected by CVE-2017-6014
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6014
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-6014
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6014
-
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
13416 – memory exhausion/infinite loop via malformed STANAG 4607 capture fileIssue Tracking;Vendor Advisory
-
http://www.debian.org/security/2017/dsa-3811
Debian -- Security Information -- DSA-3811-1 wiresharkThird Party Advisory
-
https://security.gentoo.org/glsa/201706-12
Wireshark: Multiple vulnerabilities (GLSA 201706-12) — Gentoo securityThird Party Advisory
-
http://www.securityfocus.com/bid/96284
Wireshark CVE-2017-6014 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Jump to