CVE-2017-6474 Wireshark CVE debrief

Who should care

Security teams, network analysts, incident responders, and any organization that opens or automates processing of untrusted packet captures with Wireshark. Distribution maintainers and package managers should also confirm patched builds are deployed.

Technical summary

NVD records this issue as CVSS 3.0 7.5 (HIGH) with AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and CWE-835. A malformed NetScaler capture file can drive wiretap/netscaler.c into an infinite loop. The vendor fix validates record sizes to prevent the parser from getting stuck. Affected versions listed by NVD are Wireshark 2.0.0 through 2.0.10 and 2.2.0 through 2.2.4.

Defensive priority

High for environments that routinely inspect third-party or untrusted capture files; otherwise moderate. The impact is availability-only, but the hang can disrupt analysis workflows and automated processing.

Recommended defensive actions

• Upgrade Wireshark to a fixed release that includes the record-size validation for wiretap/netscaler.c.
• Confirm deployed package versions are outside the affected ranges: 2.0.0-2.0.10 and 2.2.0-2.2.4.
• Treat unknown or untrusted capture files as hostile input and isolate analysis workflows where practical.
• Monitor for parser hangs or stalled analysis jobs when opening NetScaler captures and remove suspect files from routine processing.
• If you rely on distribution packages, verify vendor security updates or backports are applied.

Evidence notes

This debrief is based on the supplied NVD record and linked Wireshark references. The record states the vulnerability is an infinite loop in the NetScaler file parser triggered by a malformed capture file, with the remediation described as validating record sizes in wiretap/netscaler.c. NVD lists CWE-835 and the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Linked references include the Wireshark bug tracker, vendor advisory, source commit, and third-party advisories.

Official resources