CVE-2017-7700 - OpenCVE

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Wireshark	Wireshark

Configuration 1 [-]

OR	cpe:2.3:a:wireshark:wireshark::::::::
	cpe:2.3:a:wireshark:wireshark::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/97631	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038262	Third Party Advisory VDB Entry
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478	Issue Tracking Patch
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=8fc0af859de4993951a915ad735be350221f3f53
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201706-12	Third Party Advisory
https://www.wireshark.org/security/wnpa-sec-2017-14.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-12T23:00:00

Updated: 2019-01-16T10:57:01

Reserved: 2017-04-11T00:00:00

Link: CVE-2017-7700

JSON object: View

NVD Information

Status : Modified

Published: 2017-04-12T23:59:00.153

Modified: 2023-11-07T02:50:15.433

Link: CVE-2017-7700

JSON object: View

Redhat Information

No data.

CWE

CWE-835

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-16T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.wireshark.org/security/wnpa-sec-2017-14.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=8fc0af859de4993951a915ad735be350221f3f53"}, {"name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"}, {"name": "97631", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97631"}, {"name": "1038262", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038262"}, {"name": "GLSA-201706-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201706-12"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7700", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478"}, {"name": "https://www.wireshark.org/security/wnpa-sec-2017-14.html", "refsource": "CONFIRM", "url": "https://www.wireshark.org/security/wnpa-sec-2017-14.html"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fc0af859de4993951a915ad735be350221f3f53", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fc0af859de4993951a915ad735be350221f3f53"}, {"name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"}, {"name": "97631", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97631"}, {"name": "1038262", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038262"}, {"name": "GLSA-201706-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-12"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7700", "datePublished": "2017-04-12T23:00:00", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2019-01-16T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "34C9C7DF-BF75-489C-9F2E-4A2624CF8686", "versionEndIncluding": "2.0.11", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "A17281EB-80A9-47D0-8F64-5B6151B4C475", "versionEndIncluding": "2.2.5", "versionStartIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size."}, {"lang": "es", "value": "En Wireshark 2.2.0 a 2.2.5 y 2.0.0 a 2.0.11, el analizador de archivos NetScaler podr\u00eda entrar en un bucle infinito, desencadenado por un archivo de captura malformado. Esto se trat\u00f3 en wiretap/netscaler.c asegurando un tama\u00f1o de registro distinto a cero."}], "id": "CVE-2017-7700", "lastModified": "2023-11-07T02:50:15.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-12T23:59:00.153", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97631"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038262"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=8fc0af859de4993951a915ad735be350221f3f53"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201706-12"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2017-14.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}