CVE-2017-17085 : What You Need to Know

Wireshark versions 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10 were affected by a vulnerability in the CIP Safety dissector, leading to crashes. The issue has been resolved by implementing packet length verification.

Understanding CVE-2017-17085

This CVE entry addresses a vulnerability in Wireshark that could cause the CIP Safety dissector to crash.

What is CVE-2017-17085?

In Wireshark versions 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, a flaw in the CIP Safety dissector could lead to crashes. The problem was mitigated by introducing packet length validation in the affected code.

The Impact of CVE-2017-17085

The vulnerability could be exploited by an attacker to crash Wireshark instances using the affected versions, potentially leading to denial of service.

Technical Details of CVE-2017-17085

This section provides more in-depth technical insights into the CVE.

Vulnerability Description

The vulnerability in Wireshark versions 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10 allowed the CIP Safety dissector to crash, posing a risk of denial of service.

Affected Systems and Versions

Wireshark 2.4.0 to 2.4.2
Wireshark 2.2.0 to 2.2.10

Exploitation Mechanism

Attackers could exploit this vulnerability by sending specially crafted packets to trigger the crash in the CIP Safety dissector.

Mitigation and Prevention

To address CVE-2017-17085 and enhance security, consider the following steps:

Immediate Steps to Take

Update Wireshark to the latest version to apply the fix.
Avoid opening suspicious or untrusted capture files.

Long-Term Security Practices

Regularly update Wireshark and other software to patch known vulnerabilities.
Implement network segmentation to limit the impact of potential attacks.

Patching and Updates

Ensure timely installation of security updates and patches released by Wireshark to protect against known vulnerabilities.