Alpine: multiple wireshark packages, tshark: security update to 2.2.7-r0

high Tenable Self-Hosted Container Security Plugin ID 427488

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This
was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
(CVE-2017-9352)

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was
addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. (CVE-2017-9343)

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This
was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. (CVE-2017-9344)

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This
was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
(CVE-2017-9345)

- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop.
This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. (CVE-2017-9346)

See Also

https://security.alpinelinux.org/vuln/CVE-2017-9343

https://security.alpinelinux.org/vuln/CVE-2017-9344

https://security.alpinelinux.org/vuln/CVE-2017-9345

https://security.alpinelinux.org/vuln/CVE-2017-9346

https://security.alpinelinux.org/vuln/CVE-2017-9347

https://security.alpinelinux.org/vuln/CVE-2017-9348

https://security.alpinelinux.org/vuln/CVE-2017-9349

https://security.alpinelinux.org/vuln/CVE-2017-9350

https://security.alpinelinux.org/vuln/CVE-2017-9351

https://security.alpinelinux.org/vuln/CVE-2017-9352

https://security.alpinelinux.org/vuln/CVE-2017-9353

https://security.alpinelinux.org/vuln/CVE-2017-9354

Plugin Details

Severity: High

ID: 427488

Version: Revision 1.3

Type: Local

Published: 5/16/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.7

Percentile: 97

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2017-9352

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2017-9354

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/12/2017

Reference Information

CVE: CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354

BID: 98796, 98797, 98798, 98799, 98800, 98801, 98802, 98803, 98804, 98805, 98806, 98808

IAVB: 2017-B-0067-S