Published: 23/02/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark
debian debian linux 8.0
debian debian linux 7.0
debian debian linux 9.0

It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 80211, SIGCOMP, LDSS, GSM A DTAP and Q931, which result in denial of service or the execution of arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 1 ...

A denial of service flaw was found in the NBAP dissector in Wireshark A remote network attacker could potentially use this flaw to crash Wireshark by tricking it into processing a crafted packet ...

CWE-665 https://www.wireshark.org/security/wnpa-sec-2018-14.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14443 http://www.securityfocus.com/bid/103159 https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html https://www.debian.org/security/2018/dsa-4217 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=bebd3a1f50b0a27738d8d3da5b33c1b392eb7273 https://nvd.nist.gov https://www.debian.org/security/./dsa-4217 https://access.redhat.com/security/cve/cve-2018-7419

CVE-2018-7419

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect