Published: 29/11/2018 Updated: 20/03/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.

Affected Products

Vendor | Product | Versions
Wireshark | Wireshark | 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4
Debian | Debian Linux | 8.0, 9.0

Vendor Advisories

An out of bounds heap read vulnerability in the dissection engine could allow Wireshark to crash when parsing a specially crafted pcap file. A remote attacker could cause a denial of service to Wireshark by injecting malicious packets into the network that are automatically processed ...
An out-of-bounds read has been found in the dissection engine of Wireshark versions prior to 2.6.5, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file ...
Arch Linux Security Advisory ASA-201812-3 | Severity: Critical | Date: 2018-12-08 | CVE-ID: CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628 | Package: wireshark-cli | Type: multiple issues | Remote: Yes | Link: securityarchlinux ...
Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code. For the stable distribution (stretch), these problems have been fixed in version 2.6.5-1~deb9u1. We recommend that you upgrade your wireshark packages. For the detailed security status ...
Oracle Solaris Third Party Bulletin - January 2019. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Criti ...

Mailing Lists

Debian Security Advisory DSA-4359-1 | security () debian org | www.debian.org/security/ | Moritz Muehlenhoff | December 27, 2018 | www.debian.org/security/faq ...