Wireshark versions 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10 were affected by a K12 file parser crash issue, which has been resolved. This vulnerability occurred when encountering a malformed capture file.
Understanding CVE-2017-6473
This CVE entry addresses a specific vulnerability in Wireshark versions 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10.
What is CVE-2017-6473?
In Wireshark versions 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, a K12 file parser crash could be triggered by encountering a malformed capture file. The issue was located in wiretap/k12.c and was resolved by validating the relationships between lengths and offsets.
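The kind of check that fix describes, confirming that a record's length and offset fields agree with each other and with the bytes actually read before any pointer is derived from them, looks like the sketch below. This is an added example, not Wireshark's code from wiretap/k12.c; the record layout, the `record_payload` function and the sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record layout, assumed for this example (not the real K12 format):
 *   bytes 0-3  record length (big-endian), counted from byte 0
 *   bytes 4-5  payload offset from byte 0   bytes 6-7  payload length */
#define HDR_LEN 8u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }

/* Returns the payload length (and sets *payload if non-NULL), or -1 if the fields disagree. */
long record_payload(const uint8_t *buf, size_t buf_len, const uint8_t **payload)
{
    if (buf_len < HDR_LEN)
        return -1;                      /* truncated header */
    uint32_t rec_len = be32(buf), off = be16(buf + 4), len = be16(buf + 6);
    if (rec_len < HDR_LEN || rec_len > buf_len)
        return -1;                      /* record claims more bytes than were read */
    if (off < HDR_LEN || off > rec_len)
        return -1;                      /* payload would start in the header or past the end */
    if (len > rec_len - off)
        return -1;                      /* compare by subtraction so off + len cannot wrap */
    if (payload)
        *payload = buf + off;
    return (long)len;
}

/* Constructed sample records: one consistent, three with contradictory fields. */
const uint8_t rec_ok[]      = {0,0,0,12, 0,8,    0,4,    'A','B','C','D'};
const uint8_t rec_bad_len[] = {0,0,0,12, 0,8,    0,0xff, 'A','B','C','D'};
const uint8_t rec_bad_off[] = {0,0,0,12, 0x40,0, 0,4,    'A','B','C','D'};
const uint8_t rec_bad_rec[] = {0,0,1,0,  0,8,    0,4,    'A','B','C','D'};

int main(void)
{
    const uint8_t *p = NULL;
    printf("ok=%ld bad_len=%ld bad_off=%ld bad_rec=%ld\n",
           record_payload(rec_ok, sizeof rec_ok, &p),
           record_payload(rec_bad_len, sizeof rec_bad_len, &p),
           record_payload(rec_bad_off, sizeof rec_bad_off, &p),
           record_payload(rec_bad_rec, sizeof rec_bad_rec, &p));
    return 0;
}
```

Each rejected record is one where a parser that trusted a single field in isolation would read outside the buffer it had filled.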
The Impact of CVE-2017-6473
The vulnerability could lead to a crash in Wireshark when processing a malformed capture file, potentially causing denial of service or other security implications.
Technical Details of CVE-2017-6473
Wireshark versions 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10 were affected by this vulnerability.
Vulnerability Description
The vulnerability stemmed from a flaw in the K12 file parser in Wireshark, triggered by encountering malformed capture files.
Affected Systems and Versions
Exploitation Mechanism
The issue could be exploited by an attacker providing a specially crafted malformed capture file to the Wireshark application, leading to a crash.
Mitigation and Prevention
To address CVE-2017-6473, consider the following steps:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure that Wireshark is regularly updated to the latest version to mitigate the risk of known vulnerabilities.