CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7333
https://notcve.org/view.php?id=CVE-2018-7333
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-rpcrdma.c tenía un bucle infinito que se abordó validando un tamaño de fragmento. • http://www.securityfocus.com/bid/103158 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14449 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=bd6313181317bfe83842b27650b65f3c2b8d5dc9 https://www.wireshark.org/security/wnpa-sec-2018-06.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6836
https://notcve.org/view.php?id=CVE-2018-6836
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. La función netmonrec_comment_destroy en wiretap/netmon.c en Wireshark, hasta la versión 2.4.4, realiza una operación de liberación en una dirección de memoria no inicializada, lo que permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) u otro tipo de impacto sin especificar. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397 https://code.wireshark.org/review/#/c/25660 https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5334
https://notcve.org/view.php?id=CVE-2018-5334
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. En Wireshark 2.4.0 a 2.4.3 y 2.2.0 a 2.2.11, el analizador IxVeriWave de archivos podría cerrarse inesperadamente. Esto se abordó en wiretap/vwr.c corrigiendo las comprobaciones de límites de marca de tiempo de firma. • http://www.securityfocus.com/bid/102499 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=dc308c05ba0673460fe80873b22d296880ee996d https://lists.debian.org/debian-lts-announce/2018/01/msg00032.html https://www.debian.org/security/2018/dsa-4101 https://www.wireshark.org/security/wnpa-sec-2018-03.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5335
https://notcve.org/view.php?id=CVE-2018-5335
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. En Wireshark 2.4.0 a 2.4.3 y 2.2.0 a 2.2.11, el disector WCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-wcp.c validando la longitud del búfer disponible. • http://www.securityfocus.com/bid/102500 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=086b87376b988c555484349aa115d6e08ac6db07 https://lists.debian.org/debian-lts-announce/2018/01/msg00032.html https://www.debian.org/security/2018/dsa-4101 https://www.wireshark.org/security/wnpa-sec-2018-04.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5336
https://notcve.org/view.php?id=CVE-2018-5336
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. En Wireshark 2.4.0 a 2.4.3 y 2.2.0 a 2.2.11, los disectores JSON, XML, NTP, XMPP y GDB podrían cerrarse inesperadamente. Esto se trató en epan/tvbparse.c limitando la profundidad de la recursión. • http://www.securityfocus.com/bid/102504 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14253 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4f4c95cf46ba6adbd10b09747e10742801bc706b https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f6702e49a9720d173246668495eece6d77eca5b0 https://lists.debian.org/debian-lts-announce/2018/01/msg00032.html https://www.debian.org/security/2018/dsa-4101 https://www.wireshark.org/security/wnpa-sec-2018-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •