CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11357
https://notcve.org/view.php?id=CVE-2018-11357
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector LTP y otros disectores podrían cerrarse inesperadamente. Esto se abordó en epan/tvbuff.c rechazando las longitudes negativas. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=ab8a33ef083b9732c89117747a83a905a676faf6 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-28.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11355
https://notcve.org/view.php?id=CVE-2018-11355
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. En Wireshark 2.6.0, el disector RTCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-rtcp.c evitando un desbordamiento de búfer en los fragmentos de estado de paquete. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=99d27a5fd2c540f837154aca3b3647f5ccfa0c33 https://www.wireshark.org/security/wnpa-sec-2018-27.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11361
https://notcve.org/view.php?id=CVE-2018-11361
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. En Wireshark 2.6.0, el disector de protocolo IEEE 802.11 podría cerrarse inesperadamente. Esto se abordó en epan/crypt/dot11decrypt.c evitando un desbordamiento de búfer durante el procesamiento FTE en Dot11DecryptTDLSDeriveKey. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1b52f9929238ce3948ec924ae4f9456b5e9df558 https://www.wireshark.org/security/wnpa-sec-2018-32.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11359
https://notcve.org/view.php?id=CVE-2018-11359
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector RRC y otros disectores podrían cerrarse inesperadamente. Esto se abordó en epan/proto.c evitando una desreferencia de puntero NULL. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=beaebe91b14564fb9f86f0726bab09927872721b https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-33.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11354
https://notcve.org/view.php?id=CVE-2018-11354
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. En Wireshark 2.6.0, el disector IEEE 1905.1a podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-ieee1905.c realizando una corrección en concreto en la gestión de cadenas. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cb517a4a434387e74a2f75ebb106ee3c3893251c https://www.wireshark.org/security/wnpa-sec-2018-26.html • CWE-20: Improper Input Validation •