The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Wireshark: infinite loop via STANAG 4607

Summary of the vulnerability

An attacker can trigger an infinite loop in Wireshark via STANAG 4607, in order to cause a denial of service.
Impacted software: Debian, Fedora, Solaris, Wireshark.
Severity of this computer vulnerability: 1/4.
Creation date: 20/02/2017.
References of this bulletin: 13416, bulletinapr2017, CVE-2017-6014, DLA-826-1, DSA-3811-1, FEDORA-2017-4373306257, FEDORA-2018-cdf3f8e8b0, VIGILANCE-VUL-21886.

Description of the vulnerability 

An attacker can trigger an infinite loop in Wireshark via STANAG 4607, in order to cause a denial of service.

This security alert impacts software or systems such as Debian, Fedora, Solaris, Wireshark.

Our Vigil@nce team determined that the severity of this security weakness is low.

The trust level is of type "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Wireshark: patch for STANAG 4607.
A patch is available:
  https://code.wireshark.org/review/20133
  https://code.wireshark.org/review/20134
  https://code.wireshark.org/review/20135

Debian 7: new wireshark packages.
New packages are available:
  Debian 7: wireshark 1.12.1+g01b65bf-4+deb8u6~deb7u6

Debian 8: new wireshark packages.
New packages are available:
  Debian 8: wireshark 1.12.1+g01b65bf-4+deb8u11

Fedora 25: new wireshark packages.
New packages are available:
  Fedora 25: wireshark 2.2.6-1.fc25

Fedora 27: new wireshark packages.
New packages are available:
  Fedora 27: wireshark 2.4.5-3.fc27

Oracle Solaris: patch for third party software of April 2017 v4.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1
