CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-11358 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-11358
22 May 2018 — In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector Q.931 podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-q931.c evitando un uso de memoria previamente liberada una vez un paquete mal formado evitó ciertas limpiezas. It was discovered that Wireshark, ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-11359
https://notcve.org/view.php?id=CVE-2018-11359
22 May 2018 — In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector RRC y otros disectores podrían cerrarse inesperadamente. Esto se abordó en epan/proto.c evitando una desreferencia de puntero NULL. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-11360 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-11360
22 May 2018 — In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector GSM A DTAP podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-gsm_a_dtap.c solucionando un error por un paso que provocó un desbordamiento de búfer. It was discovered that Wireshark, a network protocol analyzer,... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-11362 – wireshark: Out-of-bounds read in packet-ldss.c
https://notcve.org/view.php?id=CVE-2018-11362
22 May 2018 — In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector LDSS podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-ldss.c evitando una sobrelectura de búfer al encontrar un carácter "\0" faltante. A heap-based buffer overflow was found in the wireshark module responsi... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-9256
https://notcve.org/view.php?id=CVE-2018-9256
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, el disector LWAPP podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-lwapp.c limitando los niveles de encapsulamiento para restringir la profundidad de recursión. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14467 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9257
https://notcve.org/view.php?id=CVE-2018-9257
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. En Wireshark desde la versión 2.4.0 hasta la 2.4.5, el disector CQL podría entrar en un bucle infinito. Esto se trató en epan/dissectors/packet-cql.c comprobando un número de columnas que no es cero. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-9258
https://notcve.org/view.php?id=CVE-2018-9258
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. En Wireshark desde la versión 2.4.0 hasta la 2.4.5, el disector TCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-tcp.c preservando los orígenes válidos de datos. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14472 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-9259
https://notcve.org/view.php?id=CVE-2018-9259
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, el disector MP4 podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/file-mp4.c al restringir la profundidad de recursión de cuadro. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-9260
https://notcve.org/view.php?id=CVE-2018-9260
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, el disector IEEE 802.15.4 podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-ieee802154.c garantizando que ocurre un paso de asignación. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-9261 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-9261
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, el disector NBAP podría cerrarse inesperadamente con un gran bucle que termina con un desbordamiento de búfer basado en memoria dinámica (heap). Esto se trató en epan/dissectors/packet-nbap.c c prohibiendo el autoenlazado de DCH... • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14471 • CWE-834: Excessive Iteration •