header-logo
Suggest Exploit
vendor:
Wireshark
by:
wnpa-sec
7,5
CVSS
HIGH
Denial of Service (DoS)
20
CWE
Product Name: Wireshark
Affected Version From: 2.4.0
Affected Version To: 2.2.10
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2017

CIP Safety dissector crash

The CIP Safety dissector could crash, making Wireshark vulnerable to a Denial of Service attack. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Mitigation:

Upgrade to Wireshark 2.4.3, 2.2.11 or later.
Source

Exploit-DB raw data:

Summary

Name: CIP Safety dissector crash

Docid: wnpa-sec-2017-49

Date: November 30, 2017

Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10

Fixed versions: 2.4.3, 2.2.11

References: 
Wireshark bug 14250

Details

Description
The CIP Safety dissector could crash.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution
Upgrade to Wireshark 2.4.3, 2.2.11 or later.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/43233.zip

Navigation

Suggest Exploit

Services By CQR