Upstream information

CVE-2017-7700 at MITRE

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.

SUSE information

CVSS v2 Scores
  National Vulnerability Database SUSE
Base Score 7.12 1.85
Vector AV:N/AC:M/Au:N/C:N/I:N/A:C AV:L/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network Local
Access Complexity Medium Medium
Authentication None None
Confidentiality Impact None None
Integrity Impact None None
Availability Impact Complete Partial
SUSE Bugzilla entry: 1033936 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.2
  • wireshark >= 2.2.6-14.3.1
  • wireshark-debuginfo >= 2.2.6-14.3.1
  • wireshark-debugsource >= 2.2.6-14.3.1
  • wireshark-devel >= 2.2.6-14.3.1
  • wireshark-ui-gtk >= 2.2.6-14.3.1
  • wireshark-ui-gtk-debuginfo >= 2.2.6-14.3.1
  • wireshark-ui-qt >= 2.2.6-14.3.1
  • wireshark-ui-qt-debuginfo >= 2.2.6-14.3.1
Patchnames:
openSUSE-2017-503

List of packages in QA

Product(s) Package(s)
SUSE Linux Enterprise Server 11 SP4
  • wireshark >= 2.0.12-36.1
  • wireshark-gtk >= 2.0.12-36.1
SUSE Linux Enterprise Software Development Kit 11 SP4
  • wireshark >= 2.0.12-36.1
  • wireshark-devel >= 2.0.12-36.1
  • wireshark-gtk >= 2.0.12-36.1