CVE-2017-6014
CVE-2017-6014 is a vulnerability of currently unknown severity. In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. EPSS estimates a 2.94% chance of exploitation in the next 30 days.
Description
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
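The failure mode described above, shown from the defensive side as an added example. This is not Wireshark's code: the 32-byte header, the size-field offset, the size including the header, and the names `count_packets` and `build_sample` are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN  32u  /* assumed fixed packet-header length */
#define SIZE_OFF 2u   /* assumed offset of the 4-byte big-endian size field */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Walk size-prefixed packets; return the packet count, or -1 if malformed. */
long count_packets(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    long n = 0;

    while (len - off >= HDR_LEN) {
        uint32_t size = be32(buf + off + SIZE_OFF);
        /* Assumed: size includes the header. A value of 0 (or anything
         * below HDR_LEN) would leave off stuck or mid-header: reject it. */
        if (size < HDR_LEN)
            return -1;
        if (size > len - off)   /* declared size runs past the data */
            return -1;
        off += size;            /* guaranteed forward progress */
        n++;
    }
    return off == len ? n : -1; /* leftover bytes mean a truncated header */
}

/* Constructed sample: two 40-byte packets; optionally zero the second size. */
size_t build_sample(uint8_t *out, int zero_second)
{
    memset(out, 0, 80);
    out[SIZE_OFF + 3] = 40;
    out[40 + SIZE_OFF + 3] = zero_second ? 0 : 40;
    return 80;
}

int main(void)
{
    uint8_t buf[80];
    printf("well-formed: %ld\n", count_packets(buf, build_sample(buf, 0)));
    printf("zero size:   %ld\n", count_packets(buf, build_sample(buf, 1)));
    return 0;
}
```

Without the `size < HDR_LEN` check, the zero-size sample would keep `off` at 40 on every iteration, which is the non-advancing read the description refers to.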
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wireshark | Wireshark | <= 2.2.4 |
| Debian | Debian Linux | 8.0 |
References
- http://www.debian.org/security/2017/dsa-3811 (Third Party Advisory)
- http://www.securityfocus.com/bid/96284 (Third Party Advisory, VDB Entry)
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416 (Issue Tracking, Vendor Advisory)
- https://security.gentoo.org/glsa/201706-12 (Third Party Advisory)
Source: NVD / NIST
