Vulnerabilities > CVE-2017-17935 - Out-of-bounds Read vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1634.NASL description Several issues in wireshark, a tool that captures and analyzes packets off the wire, have been found by different people. These are basically issues with length checks or invalid memory access in different dissectors. This could result in infinite loops or crashes by malicious packets. For Debian 8 last seen 2020-03-17 modified 2019-01-16 plugin id 121193 published 2019-01-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121193 title Debian DLA-1634-1 : wireshark security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0179-1.NASL description This update for wireshark to version 2.2.12 fixes the following issues : - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of last seen 2020-06-01 modified 2020-06-02 plugin id 106293 published 2018-01-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106293 title SUSE SLES11 Security Update : wireshark (SUSE-SU-2018:0179-1) (Spectre) NASL family Fedora Local Security Checks NASL id FEDORA_2018-8C3A01CC65.NASL description Security fix for CVE-2017-17935, rebase to 2.4.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-01-31 plugin id 106519 published 2018-01-31 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106519 title Fedora 27 : 1:wireshark (2018-8c3a01cc65) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0191-1.NASL description This update for wireshark to version 2.2.12 fixes the following issues : - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of last seen 2020-06-01 modified 2020-06-02 plugin id 106342 published 2018-01-25 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106342 title SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2018:0191-1) (Spectre)
References
- https://code.wireshark.org/review/#/c/24997/
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295
- http://www.securityfocus.com/bid/102311
- https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1