CVE-2017-11408

Published: Jul 18, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.

Affected (22)

Products: Wireshark: Wireshark

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.10
Wireshark Wireshark	Version 2.0.11
Wireshark Wireshark	Version 2.0.12
Wireshark Wireshark	Version 2.0.13
Wireshark Wireshark	Version 2.0.1
Wireshark Wireshark	Version 2.0.2
Wireshark Wireshark	Version 2.0.3
Wireshark Wireshark	Version 2.0.4
Wireshark Wireshark	Version 2.0.5
Wireshark Wireshark	Version 2.0.6
Wireshark Wireshark	Version 2.0.7
Wireshark Wireshark	Version 2.0.8
Wireshark Wireshark	Version 2.0.9

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.2.0
Wireshark Wireshark	Version 2.2.1
Wireshark Wireshark	Version 2.2.2
Wireshark Wireshark	Version 2.2.3
Wireshark Wireshark	Version 2.2.4
Wireshark Wireshark	Version 2.2.5
Wireshark Wireshark	Version 2.2.6
Wireshark Wireshark	Version 2.2.7

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://www.securityfocus.com/bid/99894

Source: cve@mitre.org

http://www.securitytracker.com/id/1038966

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a102c172b0b2fe231fdb49f4f6694603f5b93b0c

Source: cve@mitre.org

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2017/12/msg00029.html

Source: cve@mitre.org

https://www.debian.org/security/2017/dsa-4060

Source: cve@mitre.org

https://www.wireshark.org/security/wnpa-sec-2017-34.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/99894

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1038966

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a102c172b0b2fe231fdb49f4f6694603f5b93b0c

Source: af854a3a-2127-422b-91ae-364da2661108

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2017/12/msg00029.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2017/dsa-4060

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.wireshark.org/security/wnpa-sec-2017-34.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.