CVE-2017-13764 Wireshark Multiple Vulnerabilities (wnpa-sec-2017-38 to wnpa-sec-2017-41)

漏洞类别:Local

漏洞等级:

漏洞信息

Wireshark is a network protocol analyzer available for multiple operating systems. It lets you capture and interactively browse the traffic running on a computer network.

A remote user can cause the target service to consume excessive CPU resources or crash.
The MSDP dissector is affected [CVE-2017-13767].
The IrCOMM dissector is affected by a buffer overread [CVE-2017-13765].
The Profinet I/O dissector is affected by a buffer overrun [CVE-2017-13766].
The Modbus dissector is affected [CVE-2017-13764].

Affected Versions
Wireshark 2.0.0 to 2.0.14, 2.2.0 to 2.2.8, 2.4.0

漏洞危害

A remote user can cause the target service to consume excessive CPU resources or crash.

解决方案

The vendor has issued a fix (2.0.15, 2.2.9, 2.4.1).
The latest version is available for download from Wireshark.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

wnpa-sec-2017-38 to wnpa-sec-2017-41: Windows

Leave a Reply