| Snyk

Threat Intelligence

0.32% (71^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL7-WIRESHARKGNOME-1360948
published26 Jul 2021
disclosed18 Jul 2017

Report a new vulnerability Found a mistake?

Introduced: 18 Jul 2017

CVE-2017-11408 (opens in a new tab) CWE-20 (opens in a new tab)

How to fix?

There is no fixed version for RHEL:7 wireshark-gnome.

NVD Description

Note: Versions mentioned in the description apply only to the upstream wireshark-gnome package and not the wireshark-gnome package as distributed by RHEL. See How to fix? for RHEL:7 relevant fixed versions and status.

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.

References

http://www.securityfocus.com/bid/99894
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a102c172b0b2fe231fdb49f4f6694603f5b93b0c
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba
https://www.wireshark.org/security/wnpa-sec-2017-34.html
https://access.redhat.com/security/cve/CVE-2017-11408
https://www.debian.org/security/2017/dsa-4060
https://lists.debian.org/debian-lts-announce/2017/12/msg00029.html
http://www.securitytracker.com/id/1038966
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a102c172b0b2fe231fdb49f4f6694603f5b93b0c
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba

Improper Input Validation Affecting wireshark-gnome package, versions *

Severity