7.5

CVE-2017-9353

Exploit
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version >= 2.2.0 <= 2.2.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.01% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1038612
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/98805
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1303
Third Party Advisory
Issue Tracking
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
Patch
Vendor Advisory
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=40b2d475c2ad550c1a0f536d5eb30f2a7404c4f0
https://www.exploit-db.com/exploits/42123/
Third Party Advisory
Exploit
VDB Entry
https://www.wireshark.org/security/wnpa-sec-2017-33.html
Vendor Advisory