CVE-2017-6014

Loading...

General

Score:7.8/10.0
Severity:High
Category:Resource Management Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2016-6354, CVE-2016-7175, CVE-2016-7176, CVE-2016-7177, CVE-2016-7178, CVE-2016-7179, CVE-2016-7180, CVE-2016-9373, CVE-2016-9374, CVE-2016-9375, CVE-2016-9376, CVE-2017-5596, CVE-2017-5597, CVE-2017-6467, CVE-2017-6468, CVE-2017-6469, CVE-2017-6470, CVE-2017-6471, CVE-2017-6472, CVE-2017-6473, CVE-2017-6474, CVE-2017-7700, CVE-2017-7701, CVE-2017-7702, CVE-2017-7703, CVE-2017-7704, CVE-2017-7705, CVE-2017-7745, CVE-2017-7746, CVE-2017-7747, CVE-2017-7748

Published on 17/02/17 - Updated on 04/11/17

Description

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

Category: Resource Management Error

CWE-399 (Resource Management Errors)
Weaknesses in this category are related to improper management of system resources.

Security Notices

US National Vulnerability DatabaseCVE-2017-6014
Debian DSA-3811-1
Debian LTSDLA-826-1
SUSE SUSE-SU-2017:1174, SUSE-SU-2017:1442

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
wiresharkwireshark

Share this vulnerability with:

Twitter Facebook LinkedIn Mail