Vulnerability Details : CVE-2017-9348
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
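The advisory and the linked bug report describe a classic dissector pattern: a size value taken from the packet is used to drive a read without first being compared against the bytes actually remaining in the buffer (the oss-fuzz report names OALMarshal_UncompressValue in packet-dof.c). The example below is an added illustration of that bug shape and of the kind of fix "validating a size value" refers to; it is not Wireshark's code, and the one-byte-length-prefixed wire format, the function names and the sample inputs are all constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical minimal wire format used only for this illustration (not the
 * DOF encoding): one length byte N followed by N payload bytes. */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_OUTPUT_TOO_SMALL = 2 };

/* Vulnerable pattern: the declared size N comes straight from the packet and
 * becomes the copy length. The destination is capped, but the source is never
 * checked against len, so N > len - off - 1 reads past the end of buf. */
size_t read_value_unchecked(const uint8_t *buf, size_t len, size_t off,
                            uint8_t *out, size_t outcap)
{
    size_t n = buf[off];            /* untrusted size field */
    if (n > outcap) n = outcap;     /* protects out[], not buf[] */
    memcpy(out, buf + off + 1, n);  /* source bound never validated */
    (void)len;
    return n;
}

/* Number of bytes the unchecked reader would consume beyond the end of buf.
 * Lets the test show the overread without actually performing it. */
size_t overread_bytes(const uint8_t *buf, size_t len, size_t off)
{
    size_t need = off + 1 + (size_t)buf[off];
    return need > len ? need - len : 0;
}

/* Hardened pattern: validate the size value against the bytes remaining
 * before touching the payload. This is the check the vulnerable version lacks. */
enum parse_status read_value_checked(const uint8_t *buf, size_t len, size_t off,
                                     uint8_t *out, size_t outcap, size_t *consumed)
{
    if (off >= len) return PARSE_TRUNCATED;        /* no room for the size byte */
    size_t n = buf[off];
    size_t remaining = len - off - 1;              /* bytes after the size byte */
    if (n > remaining) return PARSE_TRUNCATED;     /* reject rather than overread */
    if (n > outcap) return PARSE_OUTPUT_TOO_SMALL;
    memcpy(out, buf + off + 1, n);
    *consumed = 1 + n;
    return PARSE_OK;
}

/* Constructed sample inputs. */
static const uint8_t well_formed[] = { 0x03, 'a', 'b', 'c' };
/* Declared size 0xFF with only 3 payload bytes present: the trigger shape. */
static const uint8_t malformed[]   = { 0xFF, 'a', 'b', 'c' };

/* Single-value wrappers so each outcome can be checked as one return value. */
enum parse_status checked_status(const uint8_t *buf, size_t len)
{
    uint8_t out[256];
    size_t used = 0;
    return read_value_checked(buf, len, 0, out, sizeof out, &used);
}

size_t checked_consumed(const uint8_t *buf, size_t len)
{
    uint8_t out[256];
    size_t used = 0;
    if (read_value_checked(buf, len, 0, out, sizeof out, &used) != PARSE_OK) return 0;
    return used;
}

int main(void)
{
    printf("well_formed: status=%d consumed=%zu overread=%zu\n",
           checked_status(well_formed, sizeof well_formed),
           checked_consumed(well_formed, sizeof well_formed),
           overread_bytes(well_formed, sizeof well_formed, 0));
    printf("malformed:   status=%d consumed=%zu overread=%zu\n",
           checked_status(malformed, sizeof malformed),
           checked_consumed(malformed, sizeof malformed),
           overread_bytes(malformed, sizeof malformed, 0));
    return 0;
}
```

The hardened reader rejects the malformed input (declared size 255, 3 bytes available) with PARSE_TRUNCATED, while the unchecked reader would walk 252 bytes past the end of the buffer on the same input, which is what an ASan build reports as a heap-buffer-overflow.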
Vulnerability category: Overflow
Products affected by CVE-2017-9348
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9348
- EPSS score: 0.39% (estimated probability of exploitation activity in the next 30 days)
- EPSS percentile: ~70% (proportion of all scored vulnerabilities with a score at or below this one)
CVSS scores for CVE-2017-9348
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |

Both vectors encode a remotely triggerable, availability-only impact (C:N/I:N, no authentication or user interaction required), consistent with the dissector crashing on malformed input rather than leaking or corrupting data.
CWE ids for CVE-2017-9348
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2017-9348
- https://www.wireshark.org/security/wnpa-sec-2017-23.html (Wireshark, wnpa-sec-2017-23: DOF dissector read overflow; Vendor Advisory)
- http://www.securityfocus.com/bid/98801 (Wireshark 'epan/dissectors/packet-dof.c' Heap Buffer Overflow Vulnerability; Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1038612 (Wireshark Multiple Dissector Bugs Lets Remote Users Deny Service, SecurityTracker; Third Party Advisory, VDB Entry)
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7fe55f96672b7bf2b4ceb9ae039a0f43eddd3151 (wireshark.git commit on code.wireshark Code Review; Issue Tracking, Patch, Vendor Advisory)
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608 (Bug 13608: [oss-fuzz] ASAN: heap-buffer-overflow epan/dissectors/packet-dof.c:3899:32 in OALMarshal_UncompressValue; Issue Tracking, Patch, Vendor Advisory)
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1151 (oss-fuzz issue 1151: wireshark: Heap-buffer-overflow in OALMarshal_UncompressValue; Issue Tracking, Third Party Advisory)