CVE-2017-15189 - Vulnerability Details - OpenCVE

In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00361.

Key SSVC decision points have not yet been added.

Vendors	Products
Wireshark	Wireshark

Configuration 1 [-]

OR	cpe:2.3:a:wireshark:wireshark:2.4.0:::::::*
	cpe:2.3:a:wireshark:wireshark:2.4.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2017-6649	In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/101228
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
https://code.wireshark.org/review/23663
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=625bab309d9dd21db2d8ae2aa3511810d32842a8
https://nvd.nist.gov/vuln/detail/CVE-2017-15189
https://www.cve.org/CVERecord?id=CVE-2017-15189
https://www.wireshark.org/security/wnpa-sec-2017-46.html

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00424}`	epss `{'score': 0.00361}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-10T21:00:00

Updated: 2024-08-05T19:50:16.219Z

Reserved: 2017-10-09T00:00:00

Link: CVE-2017-15189

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-10-10T21:29:00.273

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-15189

Redhat

Severity : Moderate

Publid Date: 2017-10-10T00:00:00Z

Links: CVE-2017-15189 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "101228", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101228"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=625bab309d9dd21db2d8ae2aa3511810d32842a8"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/23663"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.wireshark.org/security/wnpa-sec-2017-46.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15189", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "101228", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101228"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080"}, {"name": "https://code.wireshark.org/review/23663", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/23663"}, {"name": "https://www.wireshark.org/security/wnpa-sec-2017-46.html", "refsource": "CONFIRM", "url": "https://www.wireshark.org/security/wnpa-sec-2017-46.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:16.219Z"}, "title": "CVE Program Container", "references": [{"name": "101228", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101228"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=625bab309d9dd21db2d8ae2aa3511810d32842a8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.wireshark.org/review/23663"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.wireshark.org/security/wnpa-sec-2017-46.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15189", "datePublished": "2017-10-10T21:00:00", "dateReserved": "2017-10-09T00:00:00", "dateUpdated": "2024-08-05T19:50:16.219Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "999B2C81-6C7D-443F-9FE8-F250D9C99735", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "354F160E-7CA9-4D8E-A447-42E500922EB2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements."}, {"lang": "es", "value": "En Wireshark, desde la versi\u00f3n 2.4.0 hasta la 2.4.1, el disector DOCSIS podr\u00eda entrar en un bucle infinito. Esto se trat\u00f3 en plugins/docsis/packet-docsis.c a\u00f1adiendo decrementos."}], "id": "CVE-2017-15189", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-10T21:29:00.273", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101228"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://code.wireshark.org/review/23663"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=625bab309d9dd21db2d8ae2aa3511810d32842a8"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2017-46.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101228"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://code.wireshark.org/review/23663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=625bab309d9dd21db2d8ae2aa3511810d32842a8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2017-46.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}