Published: 22/05/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark
wireshark wireshark 2.6.0
debian debian linux 8.0

Debian Bug report logs - #900708 wireshark: CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 3 Jun 2018 1 ...

In Wireshark 260, 240 to 246, and 220 to 2214, the DNS dissector could crash This was addressed in epan/dissectors/packet-dnsc by avoiding a NULL pointer dereference for an empty name in an SRV record ...

A null-pointer dereference has been found in the DNS dissector of Wireshark <= 260 ...

CWE-476 https://www.wireshark.org/security/wnpa-sec-2018-29.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681 http://www.securityfocus.com/bid/104308 http://www.securitytracker.com/id/1041036 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4425716ddba99374749bd033d9bc0f4add2fb973 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900708 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-11356 https://security.archlinux.org/CVE-2018-11356

CVE-2018-11356

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect