CVE-2018-11358

Published: 22/05/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.

Vulnerable Product

wireshark wireshark

wireshark wireshark 2.6.0

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #900708 wireshark: CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntu.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 3 Jun 2018 1 ...
It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 1 ...
A use-after-free flaw was found in the code responsible for processing packages from Q.931 protocol, in wireshark. An attacker can send specially crafted packages over the network which, when received, would cause an application to crash, or potentially, corrupt information ...
A heap-based use-after-free has been found in the Q.931 dissector of Wireshark <= 2.6.0 ...