PatchSiren cyber security CVE debrief

CVE-2017-6469 Wireshark CVE debrief

CVE-2017-6469 is a Wireshark denial-of-service issue in the LDSS dissector. A malformed capture file or injected packet can trigger a crash while Wireshark is parsing the data. The available evidence points to a memory-allocation bug in epan/dissectors/packet-ldss.c that was corrected by ensuring the relevant data structure is allocated before use.

Vendor: Wireshark
Product: CVE-2017-6469
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-04
Original CVE updated: 2026-05-13
Advisory published: 2017-03-04
Advisory updated: 2026-05-13

Who should care

Anyone running affected Wireshark 2.0.x or 2.2.x releases, especially analysts and teams that regularly open untrusted PCAPs or inspect traffic from outside their control. Debian security tracking also lists Debian 8.0 as affected through its packaged Wireshark build.

Technical summary

NVD classifies the issue as CVE-2017-6469 with CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and CWE-20. The vulnerable versions listed are Wireshark 2.0.0 through 2.0.10 and 2.2.0 through 2.2.4. The crash occurs in the LDSS dissector when malformed input reaches packet-ldss.c; Wireshark’s advisory and bug tracker reference a fix that ensures memory is allocated for the affected structure before it is used.

Defensive priority

High for environments that routinely process untrusted packet captures, because the issue is remotely triggerable in the sense that crafted input can be delivered to the parser and the impact is a crash/availability loss. If Wireshark is only used on trusted local files, priority is lower but still worth addressing during routine patching.

Recommended defensive actions

Upgrade Wireshark to a version newer than 2.2.4 or 2.0.10, or otherwise deploy the vendor-fixed release referenced in Wireshark’s advisory.
Treat capture files and packet data from external sources as untrusted inputs and avoid opening them in vulnerable builds.
Check downstream packaging notes for your distribution, including Debian security guidance if you rely on distro-provided Wireshark packages.
Use the Wireshark bug tracker and vendor advisory references to confirm the fix is present in your deployed version before closing remediation tasks.

Evidence notes

The description supplied with the CVE says the issue affected Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10 and was addressed in epan/dissectors/packet-ldss.c by ensuring memory allocation for a data structure. NVD records the CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and CWE-20. References include the Wireshark bug entry, Wireshark security advisory, NVD detail page, and a Debian security advisory.

Official resources

CVE-2017-6469 CVE record
CVE.org
CVE-2017-6469 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch, Vendor Advisory
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Vendor Advisory

CVE published 2017-03-04T03:59:00.240Z; NVD record last modified 2026-05-13T00:24:29.033Z. The publication date is the relevant CVE timing reference here.