CVE-2017-5596

HIGH

Description

In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.

References

http://www.debian.org/security/2017/dsa-3811

http://www.securityfocus.com/bid/95795

http://www.securitytracker.com/id/1037694

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344

https://code.wireshark.org/review/#/c/19746/

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=781f03580c81339513bb1238b202b72469a1240b

https://www.wireshark.org/security/wnpa-sec-2017-01.html

Details

Source: MITRE

Published: 2017-01-25

Updated: 2019-10-03

Type: CWE-190

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 100539 | SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2017:1442-1) | Nessus | SuSE Local Security Checks | critical |
| 99991 | SUSE SLES11 Security Update : wireshark (SUSE-SU-2017:1174-1) | Nessus | SuSE Local Security Checks | high |
| 97800 | Debian DSA-3811-1 : wireshark - security update | Nessus | Debian Local Security Checks | high |
| 97782 | Debian DLA-858-1 : wireshark security update | Nessus | Debian Local Security Checks | high |
| 97167 | Fedora 25 : wireshark (2017-541aea2890) | Nessus | Fedora Local Security Checks | high |
| 96997 | openSUSE Security Update : Wireshark (openSUSE-2017-194) | Nessus | SuSE Local Security Checks | high |
| 96765 | Wireshark 2.0.x < 2.0.10 / 2.2.x < 2.2.4 Multiple DoS | Nessus | Windows | high |