Wireshark: >> Wireshark >> 2.2.6 Security Vulnerabilities
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-06-02
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-06-02
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
CVSS Score
7.5
EPSS Score
0.08
Published
2017-06-02
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-06-02
Page 10