SB2017102315 - Improper input validation in wireshark (Alpine package)
Published: October 23, 2017
Security Bulletin ID
SB2017102315
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2017-15192)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet onto the wire or convince the victim into reading a malformed packet trace file and cause the Bluetooth Attribute Protocol dissector to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=cc155764f9b6db4e36800a96ce33182a294ed25b
- https://git.alpinelinux.org/aports/commit/?id=172c0bd3e6c3e2b6dab46dae04008d430f0d44a5
- https://git.alpinelinux.org/aports/commit/?id=e01525f73e0d680e446b5cd1850220629d310c02
- https://git.alpinelinux.org/aports/commit/?id=7b82312acce4259459d23ed5cdf2d83b7187aab6
- https://git.alpinelinux.org/aports/commit/?id=2bb9ce2b3f960a3b8bfd71bda6a5998bdfa56f6c