PatchSiren cyber security CVE debrief

CVE-2017-5596 Wireshark CVE debrief

CVE-2017-5596 is a denial-of-service issue in Wireshark’s ASTERIX dissector. When parsing certain malformed capture files or injected packets, affected Wireshark versions can enter an infinite loop. The issue was fixed by changing a data type in packet-asterix.c to avoid an integer overflow.

Vendor: Wireshark
Product: CVE-2017-5596
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-25
Original CVE updated: 2026-05-13
Advisory published: 2017-01-25
Advisory updated: 2026-05-13

Who should care

Security teams, network analysts, and anyone using Wireshark to inspect untrusted packet captures should care most. This also matters for environments that ingest third-party PCAPs, automated analysis pipelines, or packet-processing workflows where a hang could disrupt triage.

Technical summary

The CVE affects Wireshark 2.0.0 through 2.0.9 and 2.2.0 through 2.2.3. NVD lists the weakness classes as CWE-190 (integer overflow) and CWE-835 (infinite loop). The vendor and patch references indicate the fix was made in epan/dissectors/packet-asterix.c by changing a data type to prevent the overflow condition that could otherwise lead to non-terminating parsing.

Defensive priority

High. The impact is availability-only, but the attack path is low-friction for environments that parse untrusted capture data. The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, so organizations that rely on Wireshark for routine analysis should prioritize patching.

Recommended defensive actions

  • Upgrade Wireshark to a version newer than the affected 2.0.0-2.0.9 and 2.2.0-2.2.3 ranges, or apply the vendor fix referenced in the Wireshark advisory.
  • Treat capture files from untrusted sources as hostile input and isolate analysis workflows where practical.
  • Monitor for abnormal Wireshark hangs or analysis jobs that stop responding while parsing ASTERIX traffic.
  • Use the Wireshark vendor advisory and linked bug/patch references to verify your deployed build contains the ASTERIX dissector fix.
  • If you maintain internal tooling that embeds Wireshark libraries or dissectors, rebuild against the patched source and retest ASTERIX parsing paths.
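
One way to act on the version-verification and hang-monitoring items above, as an added example (not code from PatchSiren or the Wireshark project): it labels a build against the affected ranges listed on this page and runs an analysis command under a deadline so a non-terminating parse is killed and reported. The banner strings, function names, and the Python stand-in for a hung job are constructed assumptions.

```python
import re
import subprocess
import sys

# Affected ranges exactly as listed on this page (inclusive bounds).
AFFECTED = [((2, 0, 0), (2, 0, 9)), ((2, 2, 0), (2, 2, 3))]

# Constructed sample banners in the style of `tshark --version` output.
SAMPLE_BANNERS = [
    "TShark (Wireshark) 2.2.3 (constructed sample)",
    "TShark (Wireshark) 2.2.4 (constructed sample)",
    "TShark (Wireshark) 2.0.10 (constructed sample)",
    "no version here",
]

# Constructed stand-in for an analysis job that never returns.
STAND_IN_HANG = [sys.executable, "-c", "while True: pass"]


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", banner)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(banner):
    """Label a build against the affected ranges listed on this page."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    hit = any(lo <= version <= hi for lo, hi in AFFECTED)
    return "affected" if hit else "outside-listed-ranges"


def run_with_deadline(argv, seconds):
    """Run an analysis command; kill it and return 'hung' past the deadline."""
    try:
        proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=seconds)
    except subprocess.TimeoutExpired:
        return "hung"  # subprocess.run has already killed the child
    return "ok" if proc.returncode == 0 else "failed"


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(classify(banner), "<-", banner)
    print(run_with_deadline(STAND_IN_HANG, 1))
```

In a pipeline, pass the real capture-processing command line to run_with_deadline and alert on a "hung" result; a version string alone does not prove a distribution build lacks a backported fix.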

Evidence notes

The CVE description states that the ASTERIX dissector in Wireshark 2.2.0-2.2.3 and 2.0.0-2.0.9 could enter an infinite loop when triggered by packet injection or a malformed capture file. NVD lists CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and CWE-190/CWE-835. The CVE record links to Wireshark bug 13344, a vendor advisory, and a patch/commit reference, supporting the fix description and affected component.

Official resources

CVE-2017-5596 was published on 2017-01-25 and the NVD record was last modified on 2026-05-13. The CVE record includes Wireshark vendor advisory, bug tracker, patch, and commit references, indicating coordinated public disclosure and a fix.