Alpine: tshark, multiple wireshark packages: security update to 2.2.6-r0 (deprecated)

high Tenable Cloud Security Plugin ID 400884

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This
was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
(CVE-2017-9352)

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was
addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. (CVE-2017-9343)

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This
was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. (CVE-2017-9344)

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This
was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
(CVE-2017-9345)

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop.
This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. (CVE-2017-9346)

See Also

https://git.alpinelinux.org/aports/commit/?id=012e5b8ddaa5ad3353e0df651fd6b2f2097705ab

https://git.alpinelinux.org/aports/commit/?id=bffb5065064bb22ab941550ba1aea1074aad64e7

Plugin Details

Severity: High

ID: 400884

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.7

Percentile: 97

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2017-9352

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2017-9354

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/13/2017

Vulnerability Publication Date: 6/1/2017

Reference Information

CVE: CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354

BID: 98796, 98797, 98798, 98799, 98800, 98801, 98802, 98803, 98804, 98805, 98806, 98808

IAVB: 2017-B-0067-S