Upstream information

CVE-2017-7703 at MITRE

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.

SUSE information

CVSS v2 Scores (National Vulnerability Database)

Base Score: 4.96
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

SUSE Bugzilla entry: 1033939 [NEW]

SUSE Security Advisories:

List of released packages

Product(s): openSUSE Leap 42.2
Fixed package version(s):
  • wireshark >= 2.2.6-14.3.1
  • wireshark-debuginfo >= 2.2.6-14.3.1
  • wireshark-debugsource >= 2.2.6-14.3.1
  • wireshark-devel >= 2.2.6-14.3.1
  • wireshark-ui-gtk >= 2.2.6-14.3.1
  • wireshark-ui-gtk-debuginfo >= 2.2.6-14.3.1
  • wireshark-ui-qt >= 2.2.6-14.3.1
  • wireshark-ui-qt-debuginfo >= 2.2.6-14.3.1
References:
  Patchnames: openSUSE-2017-503

List of packages in QA

Product(s): SUSE Linux Enterprise Server 11 SP4
Package(s):
  • wireshark >= 2.0.12-36.1
  • wireshark-gtk >= 2.0.12-36.1

Product(s): SUSE Linux Enterprise Software Development Kit 11 SP4
Package(s):
  • wireshark >= 2.0.12-36.1
  • wireshark-devel >= 2.0.12-36.1
  • wireshark-gtk >= 2.0.12-36.1