CVE-2017-6014

NameCVE-2017-6014
DescriptionIn Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-826-1, DSA-3811-1
NVD severityhigh
Debian Bugs855408

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wireshark (PTS)stretch (security), stretch2.6.7-1~deb9u1fixed
buster2.6.8-1.1fixed
bullseye, sid3.2.5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wiresharksourcewheezy1.12.1+g01b65bf-4+deb8u6~deb7u6DLA-826-1
wiresharksourcejessie1.12.1+g01b65bf-4+deb8u11DSA-3811-1
wiresharksource(unstable)2.2.5+g440fd4d-2855408

Notes

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416

Search for package or bug name: Reporting problems