PatchSiren cyber security CVE debrief
CVE-2017-6472 Wireshark CVE debrief
CVE-2017-6472 is a denial-of-service vulnerability in Wireshark’s RTMPT dissector. According to the CVE record and NVD, malformed capture files or packet injection could trigger an infinite loop in affected Wireshark 2.0.0-2.0.10 and 2.2.0-2.2.4 releases; the issue was fixed in packet-rtmpt.c by properly advancing the sequence value. The CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, so the main concern is availability loss when parsing untrusted traffic or captures.
- Vendor: Wireshark
- Product: CVE-2017-6472
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-03-04
- Original CVE updated: 2026-05-13
- Advisory published: 2017-03-04
- Advisory updated: 2026-05-13
Who should care
Security teams, incident responders, packet-analysis users, and anyone running Wireshark on untrusted captures or live traffic should care, especially if they rely on affected 2.0.x or 2.2.x releases.
Technical summary
The RTMPT dissector could enter an infinite loop during parsing because a sequence value was not incremented correctly. NVD classifies the weakness as CWE-835 (loop with unreachable exit condition), and the vendor fix is referenced in the Wireshark bug tracker and repository commit linked from the CVE record.
Defensive priority
High priority for environments that routinely inspect untrusted network captures or live traffic, because the flaw can be triggered without privileges or user interaction and results in denial of service.
Recommended defensive actions
- Upgrade Wireshark to a release that includes the RTMPT dissector fix; the vulnerable ranges listed by NVD are 2.0.0-2.0.10 and 2.2.0-2.2.4.
- Treat malformed or untrusted capture files as high-risk input and avoid opening them with vulnerable Wireshark versions.
- If upgrade is delayed, restrict use of affected analyzers on untrusted data and route suspicious captures to patched tooling only.
- Validate that your distribution or package source includes the vendor fix referenced by Wireshark’s advisory, bug tracker entry, or downstream security notice.
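The version triage implied by these actions can be scripted. The sketch below is an added example, not part of the CVE record or of Wireshark; it checks version banners against the two ranges listed above. The host names, the banner format and the function names are assumptions, and because distributions may backport the fix, an "affected" result means "verify the package", not "confirmed vulnerable".

```python
import re

# Vulnerable ranges as stated on this page (per NVD), inclusive on both ends.
AFFECTED_RANGES = [((2, 0, 0), (2, 0, 10)), ((2, 2, 0), (2, 2, 4))]
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return the first x.y.z triple in a version banner as ints, or None."""
    match = _VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Classify one banner as 'affected', 'not-listed' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # unparseable: check the host by hand
    # Tuple comparison is numeric, so 2.0.10 sorts after 2.0.9 (a plain
    # string comparison would get that wrong).
    if any(low <= version <= high for low, high in AFFECTED_RANGES):
        return "affected"
    return "not-listed"  # outside the listed ranges; not a proof of safety


def triage(inventory):
    """Map each host in {host: banner} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "analyst-01": "TShark (Wireshark) 2.2.4",
    "analyst-02": "TShark (Wireshark) 2.2.5",
    "sensor-07": "TShark (Wireshark) 2.0.10",
    "sensor-08": "TShark (Wireshark) 2.0.11",
    "jump-03": "wireshark: command not found",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {verdict}")
```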
Evidence notes
Primary evidence comes from the official CVE record and NVD detail page, which list the vulnerable Wireshark version ranges, the RTMPT infinite-loop condition, CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, and CWE-835. NVD references Wireshark bug 13347, the vendor advisory wnpa-sec-2017-04, a repository commit, and a Debian security advisory, all of which support the fix and affected-product context. Timing context: the CVE was published on 2017-03-04 and later modified on 2026-05-13; those dates are used only as record timing, not as vulnerability discovery or exploitation dates.
Official resources
- CVE-2017-6472 CVE record (CVE.org)
- CVE-2017-6472 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Third Party Advisory
- Mitigation or vendor reference: Third Party Advisory, VDB Entry
- Mitigation or vendor reference: Issue Tracking, Patch, Vendor Advisory
- Source reference
- Mitigation or vendor reference: Vendor Advisory
Publicly disclosed in the CVE record on 2017-03-04; official record and vendor-linked references were later updated in the source corpus, including a 2026-05-13 NVD modification timestamp.