CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-9256
https://notcve.org/view.php?id=CVE-2018-9256
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, el disector LWAPP podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-lwapp.c limitando los niveles de encapsulamiento para restringir la profundidad de recursión. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14467 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-9272
https://notcve.org/view.php?id=CVE-2018-9272
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, epan/dissectors/packet-h223.c tiene una fuga de memoria. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14487 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-9258
https://notcve.org/view.php?id=CVE-2018-9258
04 Apr 2018 — In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. En Wireshark desde la versión 2.4.0 hasta la 2.4.5, el disector TCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-tcp.c preservando los orígenes válidos de datos. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14472 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7323
https://notcve.org/view.php?id=CVE-2018-7323
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-wccp.c tenía un gran bucle que se abordó asegurando que una longitud calculada se incrementaba repetitivamente. • http://www.securityfocus.com/bid/103158 • CWE-834: Excessive Iteration •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7325
https://notcve.org/view.php?id=CVE-2018-7325
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-rpki-rtr.c tenía un bucle infinito que se abordó validando un campo length. • http://www.securityfocus.com/bid/103158 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-7336
https://notcve.org/view.php?id=CVE-2018-7336
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 02/02/2012, el disector FCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-fcp.c buscando un puntero NULL. • http://www.securityfocus.com/bid/103166 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7324
https://notcve.org/view.php?id=CVE-2018-7324
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-sccp.c tenía un bucle infinito que se abordó empleando un tipo de datos de enteros correcto. • http://www.securityfocus.com/bid/103158 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-7421
https://notcve.org/view.php?id=CVE-2018-7421
23 Feb 2018 — In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. En Wireshark 2.2.0 a 2.2.12 y 2.4.0 a 2.4.4, el disector DMP podría entrar en un bucle infinito. Esto se trató en epan/dissectors/packet-dmp.c soportando correctamente un número limitado de Security Categories para DMP Security Classification. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14408 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2018-7419 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-7419
23 Feb 2018 — In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. En Wireshark 2.2.0 a 2.2.12 y 2.4.0 a 2.4.4, el disector NBAP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/asn1/nbap/nbap.cnf asegurando la inicialización de DCH ID. It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 80... • http://www.securityfocus.com/bid/103159 • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7321
https://notcve.org/view.php?id=CVE-2018-7321
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-thrift.c tenía un gran bucle que se abordó no procediendo con la disección tras encontrar un tipo inesperado. • http://www.securityfocus.com/bid/103158 • CWE-834: Excessive Iteration •