In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
Wireshark, a widely used network protocol analyzer, is vulnerable in versions before 2.2.12 to a denial-of-service (DoS) attack caused by a NULL pointer dereference in its MRDISC dissector. An attacker can crash Wireshark with crafted MRDISC traffic, potentially disrupting network analysis and security monitoring operations.
Step 1: Packet Crafting: The attacker crafts a malicious MRDISC packet. This packet contains a malformed or invalid IPv4 address within its payload.
Step 2: Packet Delivery: The attacker sends the crafted MRDISC packet to a network monitored by a system running Wireshark. This could be achieved through various means, including network injection or sending the packet directly to the target machine if Wireshark is running on it.
Step 3: Packet Capture: Wireshark captures the malicious MRDISC packet.
Step 4: Dissection: Wireshark's MRDISC dissector attempts to parse the packet.
Step 5: Vulnerability Trigger: The dissector attempts to use the invalid IPv4 address without proper validation, leading to a NULL pointer dereference.
Step 6: Crash: The NULL pointer dereference causes Wireshark to crash, resulting in a denial-of-service condition.
The vulnerability stems from a NULL pointer dereference within the MRDISC dissector in Wireshark. Specifically, the code fails to validate an IPv4 address before using it. An attacker can therefore craft a malicious MRDISC packet containing a malformed IPv4 address; when the dissector processes it, the program attempts to access memory at an invalid address (NULL). This invalid memory access triggers a crash, resulting in a DoS condition. The root cause is a missing check for a NULL pointer before dereferencing it, a classic programming error. The fix, as stated in the description above, validates the IPv4 address in epan/dissectors/packet-mrdisc.c to prevent the NULL pointer dereference.
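The validation described above, as an added C illustration that is not Wireshark's code: the `pkt_addr` record, both function names and the expected address are assumptions made for the example. It sets the unchecked read beside a form that validates the address before touching it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical address record (an assumption, not Wireshark's type):
 * data may be NULL when no address of that type was set for the packet. */
enum addr_type { ADDR_NONE, ADDR_IPV4, ADDR_IPV6 };
struct pkt_addr {
    enum addr_type type;
    size_t len;
    const uint8_t *data;
};

/* Constructed expected destination for the example. */
static const uint8_t EXPECTED_DST[4] = { 224, 0, 0, 2 };

/* Unchecked form: reads a->data whatever the address type is.
 * With data == NULL this is the NULL pointer dereference class of bug. */
static int dst_matches_unchecked(const struct pkt_addr *a)
{
    return memcmp(a->data, EXPECTED_DST, 4) == 0;
}

/* Hardened form: validate type, length and pointer before reading. */
static int dst_matches_checked(const struct pkt_addr *a)
{
    if (a == NULL || a->type != ADDR_IPV4 || a->len != 4 || a->data == NULL)
        return 0; /* not a usable IPv4 address: decline to dissect */
    return memcmp(a->data, EXPECTED_DST, 4) == 0;
}

int main(void)
{
    /* Constructed inputs: one valid IPv4 address, one record with no address. */
    struct pkt_addr ok = { ADDR_IPV4, 4, EXPECTED_DST };
    struct pkt_addr none = { ADDR_NONE, 0, NULL };

    printf("valid address, unchecked: %d\n", dst_matches_unchecked(&ok));
    printf("valid address, checked:   %d\n", dst_matches_checked(&ok));
    /* Only the checked form is safe to call on the empty record. */
    printf("no address, checked:      %d\n", dst_matches_checked(&none));
    return 0;
}
```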