Published: 11/01/2018 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark
debian debian linux 8.0
debian debian linux 7.0
debian debian linux 9.0

It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON, XML, NTP, XMPP and GDB, which could result in denial of service or the execution of arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 1121+g01b6 ...

Debian Bug report logs - #885831 wireshark: CVE-2017-17935: Denial of service in the File_read_line function in epan/wslua/wslua_filec Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <rbalint@ubuntucom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 30 Dec 2017 09:00:02 UTC ...

In Wireshark 240 to 243 and 220 to 2211, the IxVeriWave file parser could crash This was addressed in wiretap/vwrc by correcting the signature timestamp bounds checks ...

CWE-119 https://www.wireshark.org/security/wnpa-sec-2018-03.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297 http://www.securityfocus.com/bid/102499 https://www.debian.org/security/2018/dsa-4101 https://lists.debian.org/debian-lts-announce/2018/01/msg00032.html https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=dc308c05ba0673460fe80873b22d296880ee996d https://nvd.nist.gov https://www.debian.org/security/./dsa-4101 https://access.redhat.com/security/cve/cve-2018-5334

CVE-2018-5334

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect