CVE-2017-11410

Published: Jul 18, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.

Affected (22)

Products: Wireshark: Wireshark

Wireshark

1 product

Wireshark

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.10
Wireshark Wireshark	Version 2.0.11
Wireshark Wireshark	Version 2.0.12
Wireshark Wireshark	Version 2.0.13
Wireshark Wireshark	Version 2.0.1
Wireshark Wireshark	Version 2.0.2
Wireshark Wireshark	Version 2.0.3
Wireshark Wireshark	Version 2.0.4
Wireshark Wireshark	Version 2.0.5
Wireshark Wireshark	Version 2.0.6
Wireshark Wireshark	Version 2.0.7
Wireshark Wireshark	Version 2.0.8
Wireshark Wireshark	Version 2.0.9

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.2.0
Wireshark Wireshark	Version 2.2.1
Wireshark Wireshark	Version 2.2.2
Wireshark Wireshark	Version 2.2.3
Wireshark Wireshark	Version 2.2.4
Wireshark Wireshark	Version 2.2.5
Wireshark Wireshark	Version 2.2.6
Wireshark Wireshark	Version 2.2.7