Wireshark up to 2.2.7 AMQP Dissector packet-amqp.c Packet input validation
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.8 | $0-$5k | 0.00 |
A vulnerability classified as problematic was found in Wireshark (Packet Analyzer Software). Affected by this vulnerability is some unknown processing of the file epan/dissectors/packet-amqp.c of the component AMQP Dissector. The manipulation as part of a Packet leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. As an impact it is known to affect availability. The summary by CVE is:
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.
The bug was discovered 07/18/2017. The weakness was presented 07/18/2017 (Website). The advisory is shared at wireshark.org. This vulnerability is known as CVE-2017-11408 since 07/17/2017. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 101897 (Wireshark 2.0.x < 2.0.14 / 2.2.x < 2.2.8 Multiple DoS (macOS)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family MacOS X Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 170219 (OpenSUSE Security Update for Wireshark (openSUSE-SU-2017:1958-1)).
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (101897). See 102550, 103751, 103752 and 103754 for similar entries.
Product
Type
Name
Version
- 2.0.0
- 2.0.1
- 2.0.2
- 2.0.3
- 2.0.4
- 2.0.5
- 2.0.6
- 2.0.7
- 2.0.8
- 2.0.9
- 2.0.10
- 2.0.11
- 2.0.12
- 2.0.13
- 2.2.0
- 2.2.1
- 2.2.2
- 2.2.3
- 2.2.4
- 2.2.5
- 2.2.6
- 2.2.7
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.8
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 101897
Nessus Name: Wireshark 2.0.x < 2.0.14 / 2.2.x < 2.2.8 Multiple DoS (macOS)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 803068
OpenVAS Name: Wireshark Multiple DoS Vulnerabilities Jul17 (Windows)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: a102c172b0b2fe231fdb49f4f6694603f5b93b0c
Timeline
07/17/2017 🔍07/18/2017 🔍
07/18/2017 🔍
07/18/2017 🔍
07/18/2017 🔍
07/18/2017 🔍
07/19/2017 🔍
07/20/2017 🔍
07/21/2017 🔍
12/13/2022 🔍
Sources
Product: wireshark.orgAdvisory: DLA 1226-1
Researcher: Peter Wu
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-11408 (🔍)
OVAL: 🔍
SecurityTracker: 1038966
SecurityFocus: 99894 - Wireshark AMQP Dissector CVE-2017-11408 Denial of Service Vulnerability
See also: 🔍
Entry
Created: 07/19/2017 09:34Updated: 12/13/2022 09:00
Changes: 07/19/2017 09:34 (79), 02/07/2020 08:14 (5), 01/01/2021 19:19 (3), 12/13/2022 09:00 (5)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.