KLA11201
Multiple vulnerabilities in Wireshark
Updated: 07/05/2018
CVSS
?
5.0
Detect date
?
02/23/2018
Severity
?
Warning
Description

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

  1. An improper operand validation offsets in the SIGCOMP protocol dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  2. Infinite loops in multiple dissectors can be exploited remotely via malformed packet to cause denial of service;
  3. An improper certain types of packets handling in the UMTS MAC dissector can be exploited remotely via malformed packet to cause denial of service;
  4. An improper certain types of packets handling in the IEEE 802.11 dissector can be exploited remotely via malformed packet to cause denial of service;
  5. An improper certain types of packets handling in the FCP protocol dissector can be exploited remotely via malformed packet to cause denial of service;
  6. An improper certain types of packets handling in the DOCSIS dissector can be exploited remotely via malformed packet to cause denial of service;
  7. An unspecified vulnerability in pcapng file parser can be exploited remotely via malformed packet to cause denial of service;
  8. An unspecified vulnerability in the IPMI dissector can be exploited remotely via malformed packet to cause denial of service;
  9. An unspecified vulnerability in the SIGCOMP dissector can be exploited remotely via malformed packet to cause denial of service;
  10. An unspecified vulnerability in the NBAP dissector can be exploited remotely via malformed packet to cause denial of service;
Affected products

Wireshark 2.4.x earlier than 2.4.5
Wireshark 2.2.x earlier than 2.2.13
 

Solution

Update to the latest version
Get Wireshark

Original advisories

WNPA-SEC-2018-13
WNPA-SEC-2018-11
WNPA-SEC-2018-09
WNPA-SEC-2018-08
WNPA-SEC-2018-06
WNPA-SEC-2018-12
WNPA-SEC-2018-10
WNPA-SEC-2018-14
WNPA-SEC-2018-05
WNPA-SEC-2018-07

Impacts
?
DoS 
[?]
Related products
Wireshark
CVE-IDS
?

CVE-2018-7337
CVE-2018-7336
CVE-2018-7335
CVE-2018-7334
CVE-2018-7333
CVE-2018-7332
CVE-2018-7331
CVE-2018-7330
CVE-2018-7329
CVE-2018-7328
CVE-2018-7327
CVE-2018-7326
CVE-2018-7325
CVE-2018-7324
CVE-2018-7323
CVE-2018-7322
CVE-2018-7321
CVE-2018-7320