Vulnerability Details : CVE-2017-9353
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
Vulnerability category: Input validation
Products affected by CVE-2017-9353
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9353
- 1.61%: Probability of exploitation activity in the next 30 days
- ~87%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9353
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2017-9353
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9353
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1303
  1303 - wireshark: Crash in in6_is_addr_multicast - oss-fuzz - Monorail [Issue Tracking; Third Party Advisory]
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b2d475c2ad550c1a0f536d5eb30f2a7404c4f0
  code.wireshark Code Review - wireshark.git/commit [Issue Tracking; Patch; Vendor Advisory]
- http://www.securitytracker.com/id/1038612
  Wireshark Multiple Dissector Bugs Lets Remote Users Deny Service - SecurityTracker [Third Party Advisory; VDB Entry]
- https://www.exploit-db.com/exploits/42123/
  Wireshark 2.2.6 - IPv6 Dissector Denial of Service [Exploit; Third Party Advisory; VDB Entry]
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
  13675 – [oss-fuzz] UBSAN: member access within null pointer of type 'const struct e_in6_addr' in inet_ipv6.h:111:15 [Issue Tracking; Patch; Vendor Advisory]
- http://www.securityfocus.com/bid/98805
  Wireshark 'epan/dissectors/packet-ipv6.c' Denial of Service Vulnerability [Third Party Advisory; VDB Entry]
- https://www.wireshark.org/security/wnpa-sec-2017-33.html
  Wireshark · wnpa-sec-2017-33 · IPv6 dissector crash [Vendor Advisory]