7.5
CVE-2017-9354
- EPSS 2.81%
- Veröffentlicht 02.06.2017 05:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.81% | 0.847 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.securitytracker.com/id/1038612
http://www.securityfocus.com/bid/98802
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1243
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=3a77395e651acd81eb41ffd8fbdbf711e1133d76
https://www.wireshark.org/security/wnpa-sec-2017-32.html