PT-2017-17090 · Wireshark+1 · Wireshark+1

Published

2017-03-03

Updated

2024-06-15

CVE-2017-6470

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Wireshark versions 2.0.0 through 2.0.10 Wireshark versions 2.2.0 through 2.2.4

Description There is an IAX2 infinite loop issue, triggered by packet injection or a malformed capture file. This issue was addressed by constraining packet lateness in the epan/dissectors/packet-iax2.c file.

Recommendations For Wireshark versions 2.0.0 through 2.0.10, update to a version that includes the fix for the IAX2 infinite loop issue. For Wireshark versions 2.2.0 through 2.2.4, update to a version that includes the fix for the IAX2 infinite loop issue. As a temporary workaround, consider avoiding the use of malformed capture files or packet injection until a patch is available.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALT-PU-2017-1260

CVE-2017-6470

DLA-858-1

DSA-3811-1

OPENSUSE-SU-2024:11513-1

Affected Products

Alt Linux

Wireshark

PT-2017-17090 · Wireshark+1 · Wireshark+1

CVE-2017-6470

Weakness Enumeration

Related Identifiers

Affected Products

References · 196