CVE-2017-6473 Wireshark CVE debrief

Who should care

Security teams and administrators running Wireshark 2.2.0-2.2.4 or 2.0.0-2.0.10, especially where analysts open untrusted capture files or where Wireshark is bundled into distro packages such as Debian 8.0.

Technical summary

NVD classifies the weakness as CWE-20 (improper input validation). The affected parser path is wiretap/k12.c, where malformed capture input could trigger a crash. NVD lists vulnerable Wireshark ranges of 2.0.0-2.0.10 and 2.2.0-2.2.4, with a CVSS 3.0 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Defensive priority

High. The issue is a parser crash in a common packet-analysis tool, and the published CVSS score indicates a severe availability impact.

Recommended defensive actions

• Upgrade Wireshark to a release outside the affected ranges (newer than 2.0.10 and 2.2.4).
• Apply the vendor or distribution security update that includes the wiretap/k12.c validation fix.
• Treat capture files from untrusted sources as untrusted inputs and isolate analysis workflows where possible.
• Verify whether packaged deployments, including Debian 8.0, have received the corresponding security update.
• Monitor for unexpected Wireshark crashes when opening K12-format captures and remove any exposed affected builds from service.

Evidence notes

The supplied corpus includes the NVD record, the Wireshark vendor advisory, the Wireshark bug tracker entry (13431), and the linked patch commit. These sources agree that the issue is a malformed-capture-file parser crash fixed by validating length/offset relationships. NVD also provides the affected version ranges and CWE-20 classification.

Official resources