These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2017-6474 is a denial-of-service issue in Wireshark’s NetScaler file parser. A malformed capture file can trigger an infinite loop and cause Wireshark to hang while parsing. The issue was fixed by validating record sizes in the parser.
CVE-2017-6473 is a high-severity Wireshark issue in the K12 file parser. A malformed capture file can crash affected releases, and the vendor addressed the problem by validating length and offset relationships in wiretap/k12.c.
CVE-2017-6472 is a denial-of-service vulnerability in Wireshark’s RTMPT dissector. According to the CVE record and NVD, malformed capture files or packet injection could trigger an infinite loop in affected Wireshark 2.0.0-2.0.10 and 2.2.0-2.2.4 releases; the issue was fixed in packet-rtmpt.c by properly advancing the sequence value. The CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, so the main [truncated]
CVE-2017-6471 is a denial-of-service vulnerability in Wireshark’s WSP dissector. According to the CVE record and Wireshark references, malformed capture files or packet injection can trigger an infinite loop in affected versions, preventing normal processing. The issue was addressed by validating the capability length in packet-wsp.c.
CVE-2017-6470 is a denial-of-service issue in Wireshark’s IAX2 dissector. A malformed capture file or injected packet could trigger an infinite loop while processing IAX2 traffic, which can hang the application and stop analysis. NVD rates the issue 7.5 HIGH with a CVSS v3.0 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The affected ranges listed by NVD are Wireshark 2.0.0 through 2.0.10 and 2.2.0 throug [truncated]
CVE-2017-6469 is a Wireshark denial-of-service issue in the LDSS dissector. A malformed capture file or injected packet can trigger a crash while Wireshark is parsing the data. The available evidence points to a memory-allocation bug in epan/dissectors/packet-ldss.c that was corrected by ensuring the relevant data structure is allocated before use.
CVE-2017-6468 is a Wireshark denial-of-service issue in the NetScaler file parser. According to the CVE record, malformed capture files could trigger a parser crash in affected Wireshark releases, and the fix was to validate the relationship between pages and records in wiretap/netscaler.c. The issue affects Wireshark 2.0.0 through 2.0.10 and 2.2.0 through 2.2.4. Because the impact is availability-only bu [truncated]
CVE-2017-6467 is a Wireshark denial-of-service issue in the NetScaler file parser. A malformed capture file could drive the parser into an infinite loop, resulting in a hang and loss of availability. NVD rates the issue HIGH with CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, reflecting that it can be triggered without privileges or user interaction and primarily affects service availability.
CVE-2017-5597 is a Wireshark denial-of-service issue in the DHCPv6 dissector. A malformed capture file or injected packet can drive the parser into a large loop because of an integer overflow in packet-dhcpv6.c. The issue was fixed by changing a data type to prevent the overflow.
CVE-2017-5596 is a denial-of-service issue in Wireshark’s ASTERIX dissector. When parsing certain malformed capture files or injected packets, affected Wireshark versions can enter an infinite loop. The issue was fixed by changing a data type in packet-asterix.c to avoid an integer overflow.