Wireshark ‘dissectors/asn1/ros/packet-ros-template.c’ Denial of Service Vulnerability

by CIRT Team

Description: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.

Impact: Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions.

Mitigation: Upgrade to Wireshark 2.2.7 or later.

Reference URL’s:

• http://www.securityfocus.com/bid/98800/info
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9347
• https://www.wireshark.org/security/wnpa-sec-2017-31.html

CIRT Team

Recommended Posts

Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers

08 Feb 2024 - Articles, English articles, Security Advisories & Alerts

বাংলাদেশের আইটি কাঠামোয় তথ্য চুরির ম্যালওয়ারের বিস্তার সম্পর্কে সতর্কতা

18 Jan 2024 - Articles, Bangla Articles, News, Security Advisories & Alerts

সাইবার থ্রেট এলার্টঃ বাংলাদেশকে লক্ষ্য করে চলমান ফিশিং ক্যাম্পেইন

04 Jan 2024 - News, Security Advisories & Alerts