CVE-2017-15189 Wireshark Multiple Vulnerabilities (wnpa-sec-2017-42 to wnpa-sec-2017-46)

漏洞类别:Local

漏洞等级:

漏洞信息

Wireshark is a network protocol analyzer available for multiple operating systems. It lets you capture and interactively browse the traffic running on a computer network.

This Wireshark update fixes the following vulnerabilities:
The DOCSIS dissector could go into an infinite loop.[CVE-2017-15189].
The RTSP dissector could crash.[CVE-2017-15190].
The DMP dissector could crash. Discovered by the OSS-Fuzz project.[CVE-2017-15191].
The Bluetooth Attribute Protocol dissector could crash. Discovered by the OSS-Fuzz project.[CVE-2017-15192].
The MBIM dissector could crash or exhaust system memory.[CVE-2017-15193].
Affected Versions
Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, 2.0.0 to 2.0.15

QID Detection Logic(Authenticated)
It checks for vulnerable version of Wireshark.

漏洞危害

The vendor has issued a fix (2.4.2,2.2.10,2.0.16).
The latest version is available for download from Wireshark.

解决方案

N/A

Patch:
Following are links for downloading patches to fix the vulnerabilities:

wnpa-sec-2017-42 to wnpa-sec-2017-46: Windows

Leave a Reply