7.5

CVE-2017-17085

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version2.2.0
WiresharkWireshark Version2.2.1
WiresharkWireshark Version2.2.2
WiresharkWireshark Version2.2.3
WiresharkWireshark Version2.2.4
WiresharkWireshark Version2.2.5
WiresharkWireshark Version2.2.6
WiresharkWireshark Version2.2.7
WiresharkWireshark Version2.2.8
WiresharkWireshark Version2.2.9
WiresharkWireshark Version2.2.10
WiresharkWireshark Version2.4.0
WiresharkWireshark Version2.4.1
WiresharkWireshark Version2.4.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.79% 0.966
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://lists.debian.org/debian-lts-announce/2017/12/msg00029.html
https://www.debian.org/security/2017/dsa-4060
Third Party Advisory
http://www.securityfocus.com/bid/102071
Third Party Advisory
VDB Entry
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250
Vendor Advisory
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f5939debe96e3c3953c6020818f1fbb80eb83ce8
https://www.exploit-db.com/exploits/43233/
https://www.wireshark.org/security/wnpa-sec-2017-49.html
Vendor Advisory