CVE-2017-13765 Information
Feb 14, 2021
cve
Description
In Wireshark 2.4.0 2.2.0 to 2.2.8 and 2.0.0 to 2.0.14 the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
http://www.securityfocus.com/bid/100551 http://www.securitytracker.com/id/1039254 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94666d4357096fc45e3bcad3d9414a14f0831bc8 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2017-41.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
7.5
Share on: