In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Wireshark
  • Wireshark

Configuration 1 [-]

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.securityfocus.com/bid/99903 cve-icon cve-icon
http://www.securitytracker.com/id/1038966 cve-icon cve-icon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797 cve-icon cve-icon
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2017-11406 cve-icon
https://www.cve.org/CVERecord?id=CVE-2017-11406 cve-icon
https://www.wireshark.org/security/wnpa-sec-2017-36.html cve-icon cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-18T21:00:00

Updated: 2024-08-05T18:05:30.514Z

Reserved: 2017-07-17T00:00:00

Link: CVE-2017-11406

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-07-18T21:29:00.250

Modified: 2023-11-07T02:38:13.457

Link: CVE-2017-11406

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-07-18T00:00:00Z

Links: CVE-2017-11406 - Bugzilla