Sign-up

ID

VAR-201706-0813


CVE

CVE-2017-9766


TITLE

Wireshark 'profinet/packet-dcerpc-pn-io.c' Denial of service vulnerability

Trust: 1.1

sources: IVD: 574b44dd-7862-4fcd-8942-a6046b4023f7 // CNVD: CNVD-2017-16243 // BID: 99187

DESCRIPTION

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the \342\200\230dissect_IODWriteReq\342\200\231 function of the plugins/profinet/packet-dcerpc-pn-io.c file in Wireshark version 2.2.7. Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Wireshark 2.2.7 is vulnerable; other versions may also be affected

Trust: 2.61

sources: NVD: CVE-2017-9766 // JVNDB: JVNDB-2017-004922 // CNVD: CNVD-2017-16243 // BID: 99187 // IVD: 574b44dd-7862-4fcd-8942-a6046b4023f7

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 574b44dd-7862-4fcd-8942-a6046b4023f7 // CNVD: CNVD-2017-16243

AFFECTED PRODUCTS

vendor:wiresharkmodel:wiresharkscope:eqversion:2.2.7

Trust: 3.3

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:wiresharkmodel: - scope:eqversion:2.2.7

Trust: 0.2

vendor:debian linuxmodel: - scope:eqversion:8.0

Trust: 0.2

sources: IVD: 574b44dd-7862-4fcd-8942-a6046b4023f7 // CNVD: CNVD-2017-16243 // BID: 99187 // JVNDB: JVNDB-2017-004922 // CNNVD: CNNVD-201706-950 // NVD: CVE-2017-9766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9766
value: HIGH

Trust: 1.0

NVD: CVE-2017-9766
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-16243
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-950
value: HIGH

Trust: 0.6

IVD: 574b44dd-7862-4fcd-8942-a6046b4023f7
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2017-9766
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-16243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 574b44dd-7862-4fcd-8942-a6046b4023f7
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-9766
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 574b44dd-7862-4fcd-8942-a6046b4023f7 // CNVD: CNVD-2017-16243 // JVNDB: JVNDB-2017-004922 // CNNVD: CNNVD-201706-950 // NVD: CVE-2017-9766

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.0

problemtype:CWE-399

Trust: 0.8

sources: JVNDB: JVNDB-2017-004922 // NVD: CVE-2017-9766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-950

TYPE

Resource management error

Trust: 0.8

sources: IVD: 574b44dd-7862-4fcd-8942-a6046b4023f7 // CNNVD: CNNVD-201706-950

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004922

PATCH
title:PROFINET IO: define an arbitrary recursion depth limiturl:https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
Trust: 0.8
title:Bug 13811url:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
Trust: 0.8
title:Wireshark 'profinet/packet-dcerpc-pn-io.c' patch for denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/98687
Trust: 0.6
title:Wireshark Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71172
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-16243 // 
            
            
            
            JVNDB: JVNDB-2017-004922 // 
            
            
            
            CNNVD: CNNVD-201706-950

EXTERNAL IDS
db:NVDid:CVE-2017-9766
Trust: 3.5
db:BIDid:99187
Trust: 2.5
db:CNVDid:CNVD-2017-16243
Trust: 0.8
db:CNNVDid:CNNVD-201706-950
Trust: 0.8
db:JVNDBid:JVNDB-2017-004922
Trust: 0.8
db:IVDid:574B44DD-7862-4FCD-8942-A6046B4023F7
Trust: 0.2
sources:
            
            
            IVD: 574b44dd-7862-4fcd-8942-a6046b4023f7 // 
            
            
            
            CNVD: CNVD-2017-16243 // 
            
            
            
            BID: 99187 // 
            
            
            
            JVNDB: JVNDB-2017-004922 // 
            
            
            
            CNNVD: CNNVD-201706-950 // 
            
            
            
            NVD: CVE-2017-9766

REFERENCES
url:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
Trust: 2.5
url:http://www.securityfocus.com/bid/99187
Trust: 2.2
url:https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
Trust: 1.6
url:https://code.wireshark.org/review/gitweb?p=wireshark.git%3ba=commit%3bh=d6e888400ba64de3147d1111a4c23edf389b0000
Trust: 1.0
url:https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9766
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9766
Trust: 0.8
url:http://www.wireshark.org/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-16243 // 
            
            
            
            BID: 99187 // 
            
            
            
            JVNDB: JVNDB-2017-004922 // 
            
            
            
            CNNVD: CNNVD-201706-950 // 
            
            
            
            NVD: CVE-2017-9766

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 99187

SOURCES
db:IVDid:574b44dd-7862-4fcd-8942-a6046b4023f7
db:CNVDid:CNVD-2017-16243
db:BIDid:99187
db:JVNDBid:JVNDB-2017-004922
db:CNNVDid:CNNVD-201706-950
db:NVDid:CVE-2017-9766

LAST UPDATE DATE
2025-04-20T23:16:06.561000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-16243date:2017-07-24T00:00:00
db:BIDid:99187date:2017-06-21T00:00:00
db:JVNDBid:JVNDB-2017-004922date:2017-07-11T00:00:00
db:CNNVDid:CNNVD-201706-950date:2019-10-23T00:00:00
db:NVDid:CVE-2017-9766date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:574b44dd-7862-4fcd-8942-a6046b4023f7date:2017-07-24T00:00:00
db:CNVDid:CNVD-2017-16243date:2017-07-24T00:00:00
db:BIDid:99187date:2017-06-21T00:00:00
db:JVNDBid:JVNDB-2017-004922date:2017-07-11T00:00:00
db:CNNVDid:CNNVD-201706-950date:2017-06-22T00:00:00
db:NVDid:CVE-2017-9766date:2017-06-21T07:29:00.303