漏洞类别:Local
漏洞等级: 
漏洞信息
Wireshark is a network protocol analyzer available for multiple operating systems. It lets you capture and interactively browse the traffic running on a computer network.
This Wireshark update fixes the following vulnerabilities:
The DOCSIS dissector could go into an infinite loop.[CVE-2017-15189].
The RTSP dissector could crash.[CVE-2017-15190].
The DMP dissector could crash. Discovered by the OSS-Fuzz project.[CVE-2017-15191].
The Bluetooth Attribute Protocol dissector could crash. Discovered by the OSS-Fuzz project.[CVE-2017-15192].
The MBIM dissector could crash or exhaust system memory.[CVE-2017-15193].
Affected Versions
Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, 2.0.0 to 2.0.15
QID Detection Logic(Authenticated)
It checks for vulnerable version of Wireshark.
漏洞危害
The vendor has issued a fix (2.4.2,2.2.10,2.0.16).
The latest version is available for download from Wireshark.
解决方案
N/A
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论