CVE-2018-11357
https://notcve.org/view.php?id=CVE-2018-11357
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector LTP y otros disectores podrían cerrarse inesperadamente. Esto se abordó en epan/tvbuff.c rechazando las longitudes negativas. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=ab8a33ef083b9732c89117747a83a905a676faf6 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-28.html • CWE-20: Improper Input Validation •
CVE-2018-11362 – wireshark: Out-of-bounds read in packet-ldss.c
https://notcve.org/view.php?id=CVE-2018-11362
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector LDSS podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-ldss.c evitando una sobrelectura de búfer al encontrar un carácter "\0" faltante. A heap-based buffer overflow was found in the wireshark module responsible for analyzing the LDSS protocol. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f177008b04a530640de835ca878892e58b826d58 https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html https://www.debian.org/security/2018/dsa-4217 https://www.wireshark.org/security/wnpa-sec-2018-25.html ht • CWE-125: Out-of-bounds Read •
CVE-2018-11355
https://notcve.org/view.php?id=CVE-2018-11355
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. En Wireshark 2.6.0, el disector RTCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-rtcp.c evitando un desbordamiento de búfer en los fragmentos de estado de paquete. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=99d27a5fd2c540f837154aca3b3647f5ccfa0c33 https://www.wireshark.org/security/wnpa-sec-2018-27.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-9271
https://notcve.org/view.php?id=CVE-2018-9271
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, epan/dissectors/packet-multipart.c tiene una fuga de memoria. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14486 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5b0228945dc74ee82d2ab4a4e7af2bdfe7b75910 https://www.wireshark.org/security/wnpa-sec-2018-24.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-9269
https://notcve.org/view.php?id=CVE-2018-9269
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, epan/dissectors/packet-giop.c tiene una fuga de memoria. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e19aba33026212cbe000ece633adf14d109489fa https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-24.html • CWE-772: Missing Release of Resource after Effective Lifetime •