CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11356
https://notcve.org/view.php?id=CVE-2018-11356
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector DNS podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-dns.c evitando una desreferencia de puntero NULL en un nombre vacío en un registro SRV. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4425716ddba99374749bd033d9bc0f4add2fb973 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-29.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11357
https://notcve.org/view.php?id=CVE-2018-11357
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector LTP y otros disectores podrían cerrarse inesperadamente. Esto se abordó en epan/tvbuff.c rechazando las longitudes negativas. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=ab8a33ef083b9732c89117747a83a905a676faf6 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-28.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-11362 – wireshark: Out-of-bounds read in packet-ldss.c
https://notcve.org/view.php?id=CVE-2018-11362
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector LDSS podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-ldss.c evitando una sobrelectura de búfer al encontrar un carácter "\0" faltante. A heap-based buffer overflow was found in the wireshark module responsible for analyzing the LDSS protocol. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f177008b04a530640de835ca878892e58b826d58 https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html https://www.debian.org/security/2018/dsa-4217 https://www.wireshark.org/security/wnpa-sec-2018-25.html ht • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11355
https://notcve.org/view.php?id=CVE-2018-11355
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. En Wireshark 2.6.0, el disector RTCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-rtcp.c evitando un desbordamiento de búfer en los fragmentos de estado de paquete. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=99d27a5fd2c540f837154aca3b3647f5ccfa0c33 https://www.wireshark.org/security/wnpa-sec-2018-27.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •