CVE-2017-17935 - OpenCVE

The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Wireshark	Wireshark

Configuration 1 [-]

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/102311	Third Party Advisory VDB Entry
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295	Issue Tracking
https://code.wireshark.org/review/#/c/24997/	Issue Tracking Patch
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-27T07:00:00

Updated: 2019-01-16T10:57:01

Reserved: 2017-12-27T00:00:00

Link: CVE-2017-17935

JSON object: View

NVD Information

Status : Modified

Published: 2017-12-27T17:08:22.953

Modified: 2023-11-07T02:41:48.513

Link: CVE-2017-17935

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-16T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295"}, {"tags": ["x_refsource_MISC"], "url": "https://code.wireshark.org/review/#/c/24997/"}, {"name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"}, {"name": "102311", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102311"}, {"tags": ["x_refsource_MISC"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17935", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295", "refsource": "MISC", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295"}, {"name": "https://code.wireshark.org/review/#/c/24997/", "refsource": "MISC", "url": "https://code.wireshark.org/review/#/c/24997/"}, {"name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"}, {"name": "102311", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102311"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1", "refsource": "MISC", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17935", "datePublished": "2017-12-27T07:00:00", "dateReserved": "2017-12-27T00:00:00", "dateUpdated": "2019-01-16T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "811B37E3-6A76-462A-B61C-E532F6C958B7", "versionEndIncluding": "2.2.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line."}, {"lang": "es", "value": "La funci\u00f3n File_read_line en epan/wslua/wslua_file.c en Wireshark hasta la versi\u00f3n 2.2.11 no elimina correctamente caracteres \"\\n\", lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (subdesbordamiento de b\u00fafer y cierre inesperado de la aplicaci\u00f3n) mediante un paquete manipulado que da lugar al intento de procesamiento de una l\u00ednea vac\u00eda."}], "id": "CVE-2017-17935", "lastModified": "2023-11-07T02:41:48.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-27T17:08:22.953", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102311"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://code.wireshark.org/review/#/c/24997/"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}