CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-9261 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-9261
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, el disector NBAP podría cerrarse inesperadamente con un gran bucle que termina con un desbordamiento de búfer basado en memoria dinámica (heap). Esto se trató en epan/dissectors/packet-nbap.c c prohibiendo el autoenlazado de DCH... • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14471 • CWE-834: Excessive Iteration •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-9262
https://notcve.org/view.php?id=CVE-2018-9262
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, el disector VLAN podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-lwapp.c limitando la anidación de etiquetas VLAN para restringir la profundidad de recursión. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14469 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-9256
https://notcve.org/view.php?id=CVE-2018-9256
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, el disector LWAPP podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-lwapp.c limitando los niveles de encapsulamiento para restringir la profundidad de recursión. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14467 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7320 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-7320
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, el disector del protocolo SIGCOMP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-sigcomp.c validando los desplazamientos de operandos. It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB... • http://www.securityfocus.com/bid/103160 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7325
https://notcve.org/view.php?id=CVE-2018-7325
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-rpki-rtr.c tenía un bucle infinito que se abordó validando un campo length. • http://www.securityfocus.com/bid/103158 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7337
https://notcve.org/view.php?id=CVE-2018-7337
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. En Wireshark desde la versión 2.4.0 hasta la 2.4.4, el disector de protocolo DOCSIS podría cerrarse inesperadamente. Esto se trató en plugins/docsis/packet-docsis.c eliminando el algoritmo recursivo que se había estado empleando para los PDU concatenados. • http://www.securityfocus.com/bid/103164 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7420
https://notcve.org/view.php?id=CVE-2018-7420
23 Feb 2018 — In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. En Wireshark 2.2.0 a 2.2.12 y 2.4.0 a 2.4.4, el analizador de archivos pcapng podría cerrarse inesperadamente. Esto se trató en wiretap/pcapng.c añadiendo una comprobación block-size para los bloques de evento sysdig. • http://www.securityfocus.com/bid/103163 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7332
https://notcve.org/view.php?id=CVE-2018-7332
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-reload.c tenía un bucle infinito que se abordó validando una longitud. • http://www.securityfocus.com/bid/103158 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7333
https://notcve.org/view.php?id=CVE-2018-7333
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-rpcrdma.c tenía un bucle infinito que se abordó validando un tamaño de fragmento. • http://www.securityfocus.com/bid/103158 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7335 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-7335
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, el disector IEEE 802.11 podría cerrarse inesperadamente. Esto se trató en epan/crypt/airpdcap.c rechazando longitudes demasiado pequeñas. It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11... • http://www.securityfocus.com/bid/103165 •