28 lines
No EOL
597 B
Text
28 lines
No EOL
597 B
Text
Summary
|
|
|
|
Name: CIP Safety dissector crash
|
|
|
|
Docid: wnpa-sec-2017-49
|
|
|
|
Date: November 30, 2017
|
|
|
|
Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10
|
|
|
|
Fixed versions: 2.4.3, 2.2.11
|
|
|
|
References:
|
|
Wireshark bug 14250
|
|
|
|
Details
|
|
|
|
Description
|
|
The CIP Safety dissector could crash.
|
|
Impact
|
|
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
|
|
|
|
Resolution
|
|
Upgrade to Wireshark 2.4.3, 2.2.11 or later.
|
|
|
|
|
|
Proof of Concept:
|
|
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/43233.zip |