b546191ef2
9 changes to exploits/shellcodes Microsoft Windows Defender - Controlled Folder Bypass Through UNC Path Wireshark 2.4.0 - 2.4.2 / 2.2.0 - 2.2.10 - CIP Safety Dissector Crash Linux Kernel - DCCP Socket Use-After-Free LaCie 5big Network 2.2.8 - Command Injection Polycom Shell HDX Series - Traceroute Command Execution (Metasploit) Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow / Path Traversal FS IMDB Clone - 'id' SQL Injection FS Facebook Clone - 'token' SQL Injection OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting
28 lines
No EOL
632 B
Text
28 lines
No EOL
632 B
Text
Summary
|
|
|
|
Name: CIP Safety dissector crash
|
|
|
|
Docid: wnpa-sec-2017-49
|
|
|
|
Date: November 30, 2017
|
|
|
|
Affected versions: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10
|
|
|
|
Fixed versions: 2.4.3, 2.2.11
|
|
|
|
References:
|
|
Wireshark bug 14250
|
|
|
|
Details
|
|
|
|
Description
|
|
The CIP Safety dissector could crash.
|
|
Impact
|
|
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
|
|
|
|
Resolution
|
|
Upgrade to Wireshark 2.4.3, 2.2.11 or later.
|
|
|
|
|
|
Proof of Concept:
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/43233.zip |