Bugzilla – Bug 1148191
VUL-0: CVE-2017-6474: wireshark: NetScaler file parser infinite loop (wnpa-sec-2017-07)
Last modified: 2020-08-13 11:52:26 UTC
CVE-2017-6474 It was reported that Wireshark's NetScaler file parser could loop infinitely. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Upstream bug(s): https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13429 External References: https://www.wireshark.org/security/wnpa-sec-2017-07.html References: https://bugzilla.redhat.com/show_bug.cgi?id=1429583 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6474 http://www.debian.org/security/2017/dsa-3811 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6474.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6474 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13429 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a998c9195f183d85f5b0bbeebba21a2d4d303d47 http://www.securityfocus.com/bid/96566 https://www.wireshark.org/security/wnpa-sec-2017-07.html
This issue was fixed in all code streams but never mentioned in the .changes file. See also the tracking bug for a number of adjacent CVEs: https://bugzilla.suse.com/show_bug.cgi?id=1027998
fixed