PT-2017-19172 · Wireshark+2

Published: 2017-06-21 · Updated: 2019-10-03 · CVE-2017-9766

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Wireshark version 2.2.7

Description

The issue allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function. This occurs when the function handles PROFINET IO data with a high recursion depth.

Recommendations

For Wireshark version 2.2.7, consider updating to a newer version to mitigate the risk of stack exhaustion due to high recursion depth in PROFINET IO data handling. As a temporary workaround, restrict the handling of PROFINET IO data to minimize the risk of exploitation.

Fix

DoS

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1920
CVE-2017-9766
DLA-1634-1
SUSE-SU-2017:2555-1
SUSE-SU-2018:0054-1

Affected Products

ALT Linux
SUSE
Wireshark