CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14342
https://notcve.org/view.php?id=CVE-2018-14342
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. En Wireshark, de la versión 2.6.0 a la 2.6.1, de la versión 2.4.0 a la 2.4.7 y de la versión 2.2.0 a la 2.2.15, el disector del protocolo BGP podría entrar en un bucle largo. Esto se trató en epan/dissectors/packet-bgp.c validando las longitudes de Path Attribute. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104847 http://www.securitytracker.com/id/1041608 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13741 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=36af43dbb7673495948cd65d0346e8b9812b941c https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html https://www.wireshark.org/security/wnpa-sec-2018-34.html • CWE-834: Excessive Iteration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11361
https://notcve.org/view.php?id=CVE-2018-11361
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. En Wireshark 2.6.0, el disector de protocolo IEEE 802.11 podría cerrarse inesperadamente. Esto se abordó en epan/crypt/dot11decrypt.c evitando un desbordamiento de búfer durante el procesamiento FTE en Dot11DecryptTDLSDeriveKey. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1b52f9929238ce3948ec924ae4f9456b5e9df558 https://www.wireshark.org/security/wnpa-sec-2018-32.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-11358
https://notcve.org/view.php?id=CVE-2018-11358
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector Q.931 podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-q931.c evitando un uso de memoria previamente liberada una vez un paquete mal formado evitó ciertas limpiezas. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=ccb1ac3c8cec47fbbbf2e80ced80644005c65252 https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html https://www.debian.org/security/2018/dsa-4217 https://www.wireshark.org/security/wnpa-sec-2018-31.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-11360
https://notcve.org/view.php?id=CVE-2018-11360
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector GSM A DTAP podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-gsm_a_dtap.c solucionando un error por un paso que provocó un desbordamiento de búfer. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b https://www.debian.org/security/2018/dsa-4217 https://www.wireshark.org/security/wnpa-sec-2018-30.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11354
https://notcve.org/view.php?id=CVE-2018-11354
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. En Wireshark 2.6.0, el disector IEEE 1905.1a podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-ieee1905.c realizando una corrección en concreto en la gestión de cadenas. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cb517a4a434387e74a2f75ebb106ee3c3893251c https://www.wireshark.org/security/wnpa-sec-2018-26.html • CWE-20: Improper Input Validation •