Summary: | <net-analyzer/wireshark-2.2.7: Multiple Vulnerabilities (CVE-2017-{9616,9617,9766}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Volkan <vBugZilla> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | glsamaker, netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.wireshark.org/lists/wireshark-announce/201707/msg00000.html | ||
See Also: |
https://bugzilla.redhat.com/show_bug.cgi?id=1464048 https://bugs.gentoo.org/show_bug.cgi?id=635686 |
||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 629370, 635686 | ||
Bug Blocks: |
Description
Volkan
2017-07-17 22:12:50 UTC
CVE-2017-9766 https://bugzilla.redhat.com/show_bug.cgi?id=1464051 In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. Upstream issue: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811 *** Bug 634700 has been marked as a duplicate of this bug. *** There will be no GLSA. The tree is clean. Michael Boyle Gentoo Security Padawan |