CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11359
https://notcve.org/view.php?id=CVE-2018-11359
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector RRC y otros disectores podrían cerrarse inesperadamente. Esto se abordó en epan/proto.c evitando una desreferencia de puntero NULL. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=beaebe91b14564fb9f86f0726bab09927872721b https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-33.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11356
https://notcve.org/view.php?id=CVE-2018-11356
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector DNS podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-dns.c evitando una desreferencia de puntero NULL en un nombre vacío en un registro SRV. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4425716ddba99374749bd033d9bc0f4add2fb973 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-29.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11357
https://notcve.org/view.php?id=CVE-2018-11357
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector LTP y otros disectores podrían cerrarse inesperadamente. Esto se abordó en epan/tvbuff.c rechazando las longitudes negativas. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=ab8a33ef083b9732c89117747a83a905a676faf6 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-28.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-11362 – wireshark: Out-of-bounds read in packet-ldss.c
https://notcve.org/view.php?id=CVE-2018-11362
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. En Wireshark 2.6.0, 2.4.0 a 2.4.6 y 2.2.0 a 2.2.14, el disector LDSS podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-ldss.c evitando una sobrelectura de búfer al encontrar un carácter "\0" faltante. A heap-based buffer overflow was found in the wireshark module responsible for analyzing the LDSS protocol. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f177008b04a530640de835ca878892e58b826d58 https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html https://www.debian.org/security/2018/dsa-4217 https://www.wireshark.org/security/wnpa-sec-2018-25.html ht • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-9271
https://notcve.org/view.php?id=CVE-2018-9271
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. En Wireshark 2.4.0 a 2.4.5 y 2.2.0 a 2.2.13, epan/dissectors/packet-multipart.c tiene una fuga de memoria. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14486 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5b0228945dc74ee82d2ab4a4e7af2bdfe7b75910 https://www.wireshark.org/security/wnpa-sec-2018-24.html • CWE-772: Missing Release of Resource after Effective Lifetime •