7.5

CVE-2017-17085

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.

Data is provided by the National Vulnerability Database (NVD)
WiresharkWireshark Version2.2.0
WiresharkWireshark Version2.2.1
WiresharkWireshark Version2.2.2
WiresharkWireshark Version2.2.3
WiresharkWireshark Version2.2.4
WiresharkWireshark Version2.2.5
WiresharkWireshark Version2.2.6
WiresharkWireshark Version2.2.7
WiresharkWireshark Version2.2.8
WiresharkWireshark Version2.2.9
WiresharkWireshark Version2.2.10
WiresharkWireshark Version2.4.0
WiresharkWireshark Version2.4.1
WiresharkWireshark Version2.4.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 10.4% 0.929
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

http://www.securityfocus.com/bid/102071
Third Party Advisory
VDB Entry