CVE-2017-7746

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
wiresharkwireshark
2.0.0
wiresharkwireshark
2.0.1
wiresharkwireshark
2.0.2
wiresharkwireshark
2.0.3
wiresharkwireshark
2.0.4
wiresharkwireshark
2.0.5
wiresharkwireshark
2.0.6
wiresharkwireshark
2.0.7
wiresharkwireshark
2.0.8
wiresharkwireshark
2.0.9
wiresharkwireshark
2.0.10
wiresharkwireshark
2.0.11
wiresharkwireshark
2.2.0
wiresharkwireshark
2.2.1
wiresharkwireshark
2.2.2
wiresharkwireshark
2.2.3
wiresharkwireshark
2.2.4
wiresharkwireshark
2.2.5
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bullseye
3.4.10-0+deb11u1
fixed
wheezy
no-dsa
bullseye (security)
3.4.16-0+deb11u1
fixed
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
trixie
4.4.0-1
fixed
sid
4.4.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
bionic
Fixed 2.6.3-1~ubuntu18.04.1
released
artful
Fixed 2.2.6+g32dac6a-2
released
zesty
Fixed 2.2.6+g32dac6a-2ubuntu0.17.04
released
yakkety
Fixed 2.2.6+g32dac6a-2ubuntu0.16.10
released
xenial
Fixed 2.6.3-1~ubuntu16.04.1
released
trusty
Fixed 2.6.3-1~ubuntu14.04.1
released
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97635
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13576
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=58e69cc769dea24b721abd8a29f9eedc11024b7e
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
https://www.wireshark.org/security/wnpa-sec-2017-19.html
http://www.securityfocus.com/bid/97635
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13576
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=58e69cc769dea24b721abd8a29f9eedc11024b7e
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
https://www.wireshark.org/security/wnpa-sec-2017-19.html