CVE-2017-5597

Published: Jan 25, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.

Affected (14)

Products: Wireshark: Wireshark

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.1
Wireshark Wireshark	Version 2.0.2
Wireshark Wireshark	Version 2.0.3
Wireshark Wireshark	Version 2.0.4
Wireshark Wireshark	Version 2.0.5
Wireshark Wireshark	Version 2.0.6
Wireshark Wireshark	Version 2.0.7
Wireshark Wireshark	Version 2.0.8
Wireshark Wireshark	Version 2.0.9
Wireshark Wireshark	Version 2.2.0
Wireshark Wireshark	Version 2.2.1
Wireshark Wireshark	Version 2.2.2
Wireshark Wireshark	Version 2.2.3

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (14)

http://www.debian.org/security/2017/dsa-3811

Source: cve@mitre.org

http://www.securityfocus.com/bid/95798

Source: cve@mitre.org

http://www.securitytracker.com/id/1037694

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://code.wireshark.org/review/#/c/19747/

Source: cve@mitre.org

PatchVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=57894f741f7cc98b46c9fdce7eee8256d2a4ae3f

Source: cve@mitre.org

https://www.wireshark.org/security/wnpa-sec-2017-02.html

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2017/dsa-3811

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/95798

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1037694

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://code.wireshark.org/review/#/c/19747/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=57894f741f7cc98b46c9fdce7eee8256d2a4ae3f

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.wireshark.org/security/wnpa-sec-2017-02.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.