Published: 12/10/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark
debian debian linux 9.0
opensuse leap 15.1

Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code For the stable distribution (stretch), these problems have been fixed in version 265-1~deb9u1 We recommend that you upgrade your wireshark packages For the detailed security status ...

In Wireshark 260 to 263, the CoAP dissector could crash This was addressed in epan/dissectors/packet-coapc by ensuring that the piv length is correctly computed ...

A flaw has been discovered in wireshark >= 260 and < 264 in the CoAP dissector where an invalid frame could lead to NULL-pointer dereference This could be used by an attacker to crash wireshark by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file ...

CWE-682 https://www.wireshark.org/security/wnpa-sec-2018-49.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15172 http://www.securityfocus.com/bid/105583 http://www.securitytracker.com/id/1041909 https://www.debian.org/security/2018/dsa-4359 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b2bbd9fdf209911d94b23cc33f4daccbceb7fa8a https://nvd.nist.gov https://www.debian.org/security/./dsa-4359 https://access.redhat.com/security/cve/cve-2018-18225

CVE-2018-18225

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect