VDB
CVE-2017-6014
CVE-2017-6014
PUBLISHED
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
EPSS 0.42% · 62.4th percentile
Risk Scores
EPSS Score
0.42%
62.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | wireshark | 0, 1.12.8+g5b6e543-2, 2.0.1+g59ea380-3build1 |
| Ubuntu:14.04:LTS | wireshark | 0, 1.10.3-1, 1.10.2-1 |
Exploit Intelligence
- 96284 (circl)
- GLSA-201706-12 (circl)
- DSA-3811 (circl)
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416 (circl)
Timeline
- Feb 17, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-6014 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-6014 third-party-advisory