← Back

CVE-2017-7746

nvd nist
Published: Apr 12, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.

Affected (19)

Wireshark
1 product
Wireshark
Debian
1 product
Debian Linux
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
Wireshark
Wireshark
Version 2.0.0
Wireshark
Version 2.0.10
Wireshark
Version 2.0.11
Wireshark
Version 2.0.1
Wireshark
Version 2.0.2
Wireshark
Version 2.0.3
Wireshark
Version 2.0.4
Wireshark
Version 2.0.5
Wireshark
Version 2.0.6
Wireshark
Version 2.0.7
Wireshark
Version 2.0.8
Wireshark
Version 2.0.9
Wireshark
Version 2.2.0
Wireshark
Version 2.2.1
Wireshark
Version 2.2.2
Wireshark
Version 2.2.3
Wireshark
Version 2.2.4
Wireshark
Version 2.2.5
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0

Related CWEs

CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (10)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Issue TrackingPatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.