PatchSiren cyber security CVE debrief

CVE-2017-6470 Wireshark CVE debrief

CVE-2017-6470 is a denial-of-service issue in Wireshark’s IAX2 dissector. A malformed capture file or injected packet could trigger an infinite loop while processing IAX2 traffic, which can hang the application and stop analysis. NVD rates the issue 7.5 HIGH with a CVSS v3.0 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The affected ranges listed by NVD are Wireshark 2.0.0 through 2.0.10 and 2.2.0 through 2.2.4, with the issue addressed by constraining packet lateness in packet-iax2.c.

Vendor: Wireshark
Product: CVE-2017-6470
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-04
Original CVE updated: 2026-05-13
Advisory published: 2017-03-04
Advisory updated: 2026-05-13

Who should care

Security teams, network analysts, and anyone using Wireshark to open untrusted capture files or inspect live traffic should care, especially in environments where malformed packets can be introduced into analysis workflows.

Technical summary

NVD identifies the weakness as CWE-835 (infinite loop). The vulnerability is in the IAX2 dissector (epan/dissectors/packet-iax2.c) and can be triggered by packet injection or a malformed capture file. The result is availability impact only: Wireshark may become stuck in an infinite loop and stop responding. NVD lists affected versions as 2.0.0-2.0.10 and 2.2.0-2.2.4, and the referenced Wireshark fix constrains packet lateness.

Defensive priority

High for organizations that routinely process untrusted packet captures or live network data. The bug is remotely triggerable through malformed traffic/captures and can cause a reliable availability impact in a core analysis tool.

Recommended defensive actions

Upgrade Wireshark to a version newer than 2.0.10 or 2.2.4, using vendor guidance from the Wireshark security advisory.
Treat untrusted capture files and packet feeds as potentially disruptive inputs until patched.
If you operate automated capture-processing or analysis pipelines, add watchdogs/timeouts so a hang in a dissector does not stall the whole workflow.
Review environments that rely on Debian packages or other downstream distributions for patch status, since NVD lists Debian Linux 8.0 as affected in its CPE data.
Use the linked Wireshark bug and commit references to confirm the presence of the fix in your deployed build line.

Evidence notes

This debrief is grounded in the supplied NVD record and its listed references. The core facts used here are: the IAX2 infinite loop description, the affected Wireshark version ranges, the CWE-835 classification, the CVSS v3.0 vector, and the referenced fix in packet-iax2.c that constrains packet lateness. The references also include the Wireshark bug tracker entry, a source commit, the Wireshark security advisory, and third-party advisories.

Official resources

CVE-2017-6470 CVE record
CVE.org
CVE-2017-6470 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch, Vendor Advisory
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Vendor Advisory

CVE-2017-6470 was published on 2017-03-04T03:59:00.270Z and later modified in NVD on 2026-05-13T00:24:29.033Z. The NVD record identifies Wireshark versions 2.0.0-2.0.10 and 2.2.0-2.2.4 as affected.