CVE-2017-6014

Published: Feb 17, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

Affected (2)

Products: Wireshark: Wireshark · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Up to 2.2.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (8)

http://www.debian.org/security/2017/dsa-3811

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/96284

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201706-12

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2017/dsa-3811

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/96284

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201706-12

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.