CVE-2017-13767

Published: Aug 30, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.

Affected (23)

Products: Wireshark: Wireshark

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.10
Wireshark Wireshark	Version 2.0.11
Wireshark Wireshark	Version 2.0.12
Wireshark Wireshark	Version 2.0.13
Wireshark Wireshark	Version 2.0.1
Wireshark Wireshark	Version 2.0.2
Wireshark Wireshark	Version 2.0.3
Wireshark Wireshark	Version 2.0.4
Wireshark Wireshark	Version 2.0.5
Wireshark Wireshark	Version 2.0.6
Wireshark Wireshark	Version 2.0.7
Wireshark Wireshark	Version 2.0.8
Wireshark Wireshark	Version 2.0.9

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.2.0
Wireshark Wireshark	Version 2.2.1
Wireshark Wireshark	Version 2.2.2
Wireshark Wireshark	Version 2.2.3
Wireshark Wireshark	Version 2.2.4
Wireshark Wireshark	Version 2.2.5
Wireshark Wireshark	Version 2.2.6
Wireshark Wireshark	Version 2.2.7

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.4.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (10)

http://www.securityfocus.com/bid/100549

Source: cve@mitre.org

http://www.securitytracker.com/id/1039254

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6f18ace2a2683418a9368a8dfd92da6bd8213e15

Source: cve@mitre.org

https://www.wireshark.org/security/wnpa-sec-2017-38.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/100549

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1039254

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6f18ace2a2683418a9368a8dfd92da6bd8213e15

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.wireshark.org/security/wnpa-sec-2017-38.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.