Published: 04/04/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark
debian debian linux 8.0
debian debian linux 7.0
debian debian linux 9.0

It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 80211, SIGCOMP, LDSS, GSM A DTAP and Q931, which result in denial of service or the execution of arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 1 ...

CWE-834 https://www.wireshark.org/security/wnpa-sec-2018-18.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14471 https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html https://www.debian.org/security/2018/dsa-4217 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=66bc372716e04d6a8afdf6712583c9b5d11fee55 https://nvd.nist.gov https://www.debian.org/security/./dsa-4217

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-9261

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect