Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-11362 CVE-2018-14340 CVE-2018-14341 CVE-2018-14368 CVE-2018-16057 CVE-2018-19622 CVE-2018-7418

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. (CVE-2018-16057) In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. (CVE-2018-19622) In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. (CVE-2018-14368 ) In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. (CVE-2018-14340) In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. (CVE-2018-14341) In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. (CVE-2018-11362) In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. (CVE-2018-7418)

Source

ALAS2-2020-1438

Amazon Linux 2 Security Advisory: ALAS-2020-1438
Advisory Release Date: 2020-06-16 18:06 Pacific
Advisory Updated Date: 2020-06-17 23:39 Pacific

Severity: Medium

References: CVE-2018-11362 CVE-2018-14340 CVE-2018-14341 CVE-2018-14368 CVE-2018-16057 CVE-2018-19622 CVE-2018-7418

Issue Overview:

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. (CVE-2018-16057)

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. (CVE-2018-19622)

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. (CVE-2018-14368 )

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. (CVE-2018-14340)

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. (CVE-2018-14341)

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. (CVE-2018-11362)

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. (CVE-2018-7418)

Affected Packages:

wireshark

Issue Correction:
Run yum update wireshark to update your system.

New Packages:

aarch64:
    wireshark-1.10.14-24.amzn2.aarch64
    wireshark-gnome-1.10.14-24.amzn2.aarch64
    wireshark-devel-1.10.14-24.amzn2.aarch64
    wireshark-debuginfo-1.10.14-24.amzn2.aarch64

i686:
    wireshark-1.10.14-24.amzn2.i686
    wireshark-gnome-1.10.14-24.amzn2.i686
    wireshark-devel-1.10.14-24.amzn2.i686
    wireshark-debuginfo-1.10.14-24.amzn2.i686

src:
    wireshark-1.10.14-24.amzn2.src

x86_64:
    wireshark-1.10.14-24.amzn2.x86_64
    wireshark-gnome-1.10.14-24.amzn2.x86_64
    wireshark-devel-1.10.14-24.amzn2.x86_64
    wireshark-debuginfo-1.10.14-24.amzn2.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2020-1438

ALAS2-2020-1438

Vulmon Search

About

Products

Connect