CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7333
https://notcve.org/view.php?id=CVE-2018-7333
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-rpcrdma.c tenía un bucle infinito que se abordó validando un tamaño de fragmento. • http://www.securityfocus.com/bid/103158 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-7334 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-7334
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, el disector UMTS MAC podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-umts_mac.c rechazando cierto valor reservado. It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IE... • http://www.securityfocus.com/bid/103162 •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-7335 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-7335
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, el disector IEEE 802.11 podría cerrarse inesperadamente. Esto se trató en epan/crypt/airpdcap.c rechazando longitudes demasiado pequeñas. It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11... • http://www.securityfocus.com/bid/103165 •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-7336
https://notcve.org/view.php?id=CVE-2018-7336
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 02/02/2012, el disector FCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-fcp.c buscando un puntero NULL. • http://www.securityfocus.com/bid/103166 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7417
https://notcve.org/view.php?id=CVE-2018-7417
23 Feb 2018 — In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. En Wireshark 2.2.0 a 2.2.12 y 2.4.0 a 2.4.4, el disector IPMI podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-ipmi-picmg.c añadiendo soporte a paquetes manipulados que carecen de cabecera IPMI. • http://www.securityfocus.com/bid/103156 •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-7418 – wireshark: SIGCOMP dissector crash in packet-sigcomp.c
https://notcve.org/view.php?id=CVE-2018-7418
23 Feb 2018 — In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. En Wireshark 2.2.0 a 2.2.12 y 2.4.0 a 2.4.4, el disector SIGCOMP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-sigcomp.c corrigiendo la extracción del valor de longitud. A denial of service flaw was found in the SIGCOMP dissector in Wireshark. • http://www.securityfocus.com/bid/103157 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2018-7419 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-7419
23 Feb 2018 — In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. En Wireshark 2.2.0 a 2.2.12 y 2.4.0 a 2.4.4, el disector NBAP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/asn1/nbap/nbap.cnf asegurando la inicialización de DCH ID. It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 80... • http://www.securityfocus.com/bid/103159 • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2018-7420
https://notcve.org/view.php?id=CVE-2018-7420
23 Feb 2018 — In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. En Wireshark 2.2.0 a 2.2.12 y 2.4.0 a 2.4.4, el analizador de archivos pcapng podría cerrarse inesperadamente. Esto se trató en wiretap/pcapng.c añadiendo una comprobación block-size para los bloques de evento sysdig. • http://www.securityfocus.com/bid/103163 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-7421
https://notcve.org/view.php?id=CVE-2018-7421
23 Feb 2018 — In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. En Wireshark 2.2.0 a 2.2.12 y 2.4.0 a 2.4.4, el disector DMP podría entrar en un bucle infinito. Esto se trató en epan/dissectors/packet-dmp.c soportando correctamente un número limitado de Security Categories para DMP Security Classification. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14408 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6836
https://notcve.org/view.php?id=CVE-2018-6836
08 Feb 2018 — The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. La función netmonrec_comment_destroy en wiretap/netmon.c en Wireshark, hasta la versión 2.4.4, realiza una operación de liberación en una dirección de memoria no inicializada, lo que permite que atacantes remotos provoquen una denegación de s... • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397 • CWE-763: Release of Invalid Pointer or Reference •