Upstream information

CVE-2017-7748 at MITRE

Description

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.

SUSE information

CVSS v2 Scores
National Vulnerability Database
  Base Score: 7.79
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Complete
SUSE Bugzilla entry: 1033945 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.2
  • wireshark >= 2.2.6-14.3.1
  • wireshark-debuginfo >= 2.2.6-14.3.1
  • wireshark-debugsource >= 2.2.6-14.3.1
  • wireshark-devel >= 2.2.6-14.3.1
  • wireshark-ui-gtk >= 2.2.6-14.3.1
  • wireshark-ui-gtk-debuginfo >= 2.2.6-14.3.1
  • wireshark-ui-qt >= 2.2.6-14.3.1
  • wireshark-ui-qt-debuginfo >= 2.2.6-14.3.1
Patchnames:
openSUSE-2017-503

List of packages in QA

Product(s) Package(s)
SUSE Linux Enterprise Server 11 SP4
  • wireshark >= 2.0.12-36.1
  • wireshark-gtk >= 2.0.12-36.1
SUSE Linux Enterprise Software Development Kit 11 SP4
  • wireshark >= 2.0.12-36.1
  • wireshark-devel >= 2.0.12-36.1
  • wireshark-gtk >= 2.0.12-36.1