Wireshark 2.4.0 < 2.4.2 / 2.2.0 < 2.2.10 - CIP Safety Dissector Crash

  • Author: Wireshark
    Date: 2017-12-07
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/43233/
  • Summary
    
    Name: CIP Safety dissector crash
    
    Docid: wnpa-sec-2017-49
    
    Date: November 30, 2017
    
    Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10
    
    Fixed versions: 2.4.3, 2.2.11
    
    References: 
    Wireshark bug 14250
    
    Details
    
    Description
    The CIP Safety dissector could crash.
    
    Impact
    It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
    
    Resolution
    Upgrade to Wireshark 2.4.3, 2.2.11 or later.
    
    
    Proof of Concept:
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/43233.zip
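
An added example, not part of the Wireshark advisory: a Python check that flags hosts whose Wireshark/TShark version banner falls in the affected ranges listed above and reports the fixed release for that branch. Host names and banner strings are constructed sample data, and the function names are illustrative.

```python
import re

# (first affected, last affected, first fixed) per branch, from the advisory.
AFFECTED_RANGES = [
    ((2, 4, 0), (2, 4, 2), (2, 4, 3)),
    ((2, 2, 0), (2, 2, 10), (2, 2, 11)),
]
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample data: host name -> version banner collected from it.
SAMPLE_INVENTORY = {
    "analyst-ws1": "TShark (Wireshark) 2.4.2",
    "analyst-ws2": "TShark (Wireshark) 2.4.3",
    "plant-laptop": "Wireshark 2.2.10",
    "lab-vm": "Wireshark 2.2.9",
    "jump-host": "tshark: command not found",
}


def parse_version(banner):
    """Return the first major.minor.patch triple as ints, or None."""
    match = VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Return (status, fixed_version) for one version banner."""
    version = parse_version(banner)
    if version is None:
        return ("unparsed", None)
    for first, last, fixed in AFFECTED_RANGES:
        # Integer tuples, so 2.2.10 sorts after 2.2.9 (strings would not).
        if first <= version <= last:
            return ("affected", ".".join(str(n) for n in fixed))
    # Outside the ranges the advisory lists; it makes no statement on these.
    return ("not-listed", None)


def audit(inventory):
    """Return sorted (host, upgrade_target) pairs for affected hosts."""
    results = {host: classify(banner) for host, banner in inventory.items()}
    return sorted((h, fix) for h, (status, fix) in results.items() if status == "affected")


if __name__ == "__main__":
    for host, fixed in audit(SAMPLE_INVENTORY):
        print(f"{host}: affected by wnpa-sec-2017-49, upgrade to {fixed} or later")
```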