CVE-2017-9344 : In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.

Published 2017-06-02 05:29:00

Updated 2019-03-27 19:12:18

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-9344

Probability of exploitation activity in the next 30 days: 0.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-9344

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-9344

CWE-369 Divide By Zero

The product divides a value by zero.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-9344

https://www.wireshark.org/security/wnpa-sec-2017-29.html

Wireshark · wnpa-sec-2017-29 · BT L2CAP dissector divide by zero
Vendor Advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6308ae03d82a29a2e3d75e1c325c8a9f6c44dcdf

code.wireshark Code Review - wireshark.git/commit
Issue Tracking;Patch;Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701

13701 – [oss-fuzz] UBSAN: division by zero in packet-btl2cap.c:1687:87
Issue Tracking;Patch;Vendor Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1539

1539 - wireshark: Divide-by-zero in dissect_connparamrequest - oss-fuzz - Monorail
Issue Tracking;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html

[SECURITY] [DLA 1729-1] wireshark security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1038612

Wireshark Multiple Dissector Bugs Lets Remote Users Deny Service - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/98796

Wireshark 'dissectors/packet-btl2cap.c' Denial of Service Vulnerability
Third Party Advisory;VDB Entry

Products affected by CVE-2017-9344

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark
Versions from including (>=) 2.2.0 and up to, including, (<=) 2.2.6
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark
Versions from including (>=) 2.0.0 and up to, including, (<=) 2.0.12
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-9344

Exploit prediction scoring system (EPSS) score for CVE-2017-9344

CVSS scores for CVE-2017-9344

CWE ids for CVE-2017-9344

References for CVE-2017-9344

Products affected by CVE-2017-9344