CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19628
https://notcve.org/view.php?id=CVE-2018-19628
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. En Wireshark desde la versión 2.6.0 hasta la 2.6.4, el disector ZigBee ZCL podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-zbee-zcl-lighting.c evitando un error de división entre cero. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/106051 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15281 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=212b18825d9b668cda23d334c48867dfa66b2b36 https://www.debian.org/security/2018/dsa-4359 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.wireshark.org/security/wnpa-sec-2018-57.html • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-19624
https://notcve.org/view.php?id=CVE-2018-19624
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. En Wireshark 2.6.0 a 2.6.4 y 2.4.0 a 2.4.10, el disector PVFS podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-pvfs2.c evitando una desreferencia de puntero NULL. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/106051 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15280 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=3e319db1107b08fc3be804b6d449143ec9aa0dec https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.debian.org/security/2018/dsa-4359 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.wireshark.org/security/wnpa-sec-2018&# • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-19625
https://notcve.org/view.php?id=CVE-2018-19625
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. En Wireshark 2.6.0 a 2.6.4 y 2.4.0 a 2.4.10, el motor de disección podría cerrarse inesperadamente. Esto se abordó en epan/tvbuff_composite.c evitando una sobrelectura de búfer basada en memoria dinámica (heap). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/106051 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14466 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=dc4d209f39132a4ae05675a11609176ae9705cfc https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.debian.org/security/2018/dsa-4359 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.wireshark.org/security/wnpa-sec-2018&# • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-19626
https://notcve.org/view.php?id=CVE-2018-19626
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. En Wireshark 2.6.0 a 2.6.4 y 2.4.0 a 2.4.10, el disector DCOM podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-dcom.c añadiendo la terminación "\0". • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/106051 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=c5a65115ebab55cfd5ce0a855c2256e01cab6449 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.debian.org/security/2018/dsa-4359 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.wireshark.org/security/wnpa-sec-2018&# • CWE-125: Out-of-bounds Read CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18226
https://notcve.org/view.php?id=CVE-2018-18226
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. En Wireshark desde la versión 2.6.0 hasta la 2.6.3, el disector Steam IHS Discovery podría consumir memoria del sistema. Esto se abordó en epan/dissectors/packet-steam-ihs-discovery.c cambiando el enfoque de gestión de memoria. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/105583 http://www.securitytracker.com/id/1041909 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15171 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6e920ddc3cad2886ef07ca1a8e50e2a5c50986f7 https://www.debian.org/security/2018/dsa-4359 https://www.wireshark.org/security/wnpa-sec-2018-48.html • CWE-772: Missing Release of Resource after Effective Lifetime •