Bugzilla – Bug 1074171
VUL-0: CVE-2017-17935: wireshark: File_read_line function bad '\n' handling could lead to denial of service
Last modified: 2018-02-21 06:26:03 UTC
CVE-2017-17935

The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17935
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
https://code.wireshark.org/review/#/c/24997/
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295
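
An added illustration of the bug class the CVE text describes, stripping a trailing '\n' without first checking for a zero-length line. This is not Wireshark's code and not part of the bug report; the function names `naive_index` and `strip_newline` and the sample lines are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (for contrast; hypothetical, not the Wireshark source):
 *
 *     size_t n = strlen(buf);
 *     if (buf[n - 1] == '\n')      // n == 0  ->  reads buf[-1]
 *         buf[n - 1] = '\0';       //         ->  may write buf[-1]
 *
 * n is 0 for an empty line, and also when fgets() returns data whose
 * first byte is NUL, so "fgets succeeded" does not imply n > 0.
 */

/* Index the unsafe pattern would touch, as a signed offset from buf. */
long naive_index(const char *buf)
{
    return (long)strlen(buf) - 1;
}

/* Hardened strip: removes one trailing '\n' if present, never indexes
 * before buf, and returns the resulting length. */
size_t strip_newline(char *buf)
{
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n')
        buf[--n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample lines, including the empty-line edge case. */
    char samples[][8] = { "abc\n", "\n", "", "abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long idx = naive_index(samples[i]);
        size_t n = strip_newline(samples[i]);
        printf("naive index %ld, stripped length %zu\n", idx, n);
    }
    return 0;
}
```

An index of -1 from `naive_index` marks the input on which the unchecked pattern would access memory before the buffer.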
This is an autogenerated message for OBS integration: This bug (1074171) was mentioned in https://build.opensuse.org/request/show/563930 42.2+42.3 / wireshark
openSUSE-SU-2018:0090-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1074171,1075737,1075738,1075739,1075748
CVE References: CVE-2017-17997,CVE-2018-5334,CVE-2018-5335,CVE-2018-5336
Sources used:
openSUSE Leap 42.3 (src): wireshark-2.2.12-32.1
openSUSE Leap 42.2 (src): wireshark-2.2.12-14.24.1
This bug is not mentioned in the release notes, but it is actually fixed; commit id 42ea057f07c2444051c49256601c496a7395f48d
For SLE11: https://build.suse.de/request/show/151951
For SLE12: https://build.suse.de/request/show/151950
SUSE-SU-2018:0179-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1074171,1075737,1075738,1075739,1075748
CVE References: CVE-2017-17935,CVE-2018-5334,CVE-2018-5335,CVE-2018-5336
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): wireshark-2.2.12-40.17.1
SUSE Linux Enterprise Server 11-SP4 (src): wireshark-2.2.12-40.17.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): wireshark-2.2.12-40.17.1

SUSE-SU-2018:0191-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1074171,1075737,1075738,1075739,1075748
CVE References: CVE-2017-17935,CVE-2018-5334,CVE-2018-5335,CVE-2018-5336
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): wireshark-2.2.12-48.18.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): wireshark-2.2.12-48.18.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): wireshark-2.2.12-48.18.1
SUSE Linux Enterprise Server 12-SP3 (src): wireshark-2.2.12-48.18.1
SUSE Linux Enterprise Server 12-SP2 (src): wireshark-2.2.12-48.18.1
SUSE Linux Enterprise Desktop 12-SP3 (src): wireshark-2.2.12-48.18.1
SUSE Linux Enterprise Desktop 12-SP2 (src): wireshark-2.2.12-48.18.1
released