{"id":"CVE-2017-9347","details":"In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.","modified":"2026-03-15T14:25:55.818066Z","published":"2017-06-02T05:29:00.387Z","related":["SUSE-SU-2017:1663-1","SUSE-SU-2017:1664-1","openSUSE-SU-2024:11513-1"],"references":[{"type":"WEB","url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=278e52f26e7e1a23f8d2e8ed98693328c992bdce"},{"type":"ADVISORY","url":"https://www.wireshark.org/security/wnpa-sec-2017-31.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98800"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038612"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1216"},{"type":"FIX","url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/42124/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wireshark/wireshark","events":[{"introduced":"5368c50be46d4a44986d12bdfc0a35b42c0f34fc"},{"last_affected":"32dac6a1ea518cb0062c139e2b3df298afc93c30"}],"database_specific":{"versions":[{"introduced":"2.2.0"},{"last_affected":"2.2.6"}]}}],"versions":["2.2.1rc0","v2.2.0","v2.2.1","v2.2.1rc0","v2.2.2","v2.2.2rc0","v2.2.3","v2.2.3rc0","v2.2.4","v2.2.4rc0","v2.2.5","v2.2.5rc0","v2.2.6","v2.2.6rc0","wireshark-2.2.0","wireshark-2.2.1","wireshark-2.2.2","wireshark-2.2.3","wireshark-2.2.4","wireshark-2.2.5","wireshark-2.2.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9347.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}