Kaspersky Threats

CVSS

?

7.5

Detect date

?

07/18/2018

Severity

?

Critical

Description

Multiple serious vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

An unspecified vulnerability in BGP dissector can be exploited remotely via malformed packet to cause denial of service;
An unspecified vulnerability in ISMP dissector can be exploited remotely via malformed packet to cause denial of service;
An unspecified vulnerability can be exploited remotely via malformed packet to cause denial of service;
An unspecified vulnerability in ASN.1 BER dissector can be exploited remotely via malformed packet to cause denial of service;
An unspecified vulnerability in MMSE dissector can be exploited remotely via malformed packet to cause denial of service;
An unspecified vulnerability in DICOM dissector can be exploited remotely via malformed packet to cause denial of service;
An unspecified vulnerability in Bazaar protocol dissector can be exploited remotely via malformed packet to cause denial of service;
An unspecified vulnerability in HTTP2 protocol dissector can be exploited remotely via malformed packet to cause denial of service;
An unspecified vulnerability in CoAP protocol dissector can be exploited remotely via malformed packet to cause denial of service;
An unspecified vulnerability in IEEE 802.11 protocol dissector can be exploited remotely via malformed packet to cause denial of service.

Affected products

Wireshark 2.6.x earlier than 2.6.2
Wireshark 2.4.x earlier than 2.4.8
Wireshark 2.2.x earlier than 2.2.16

Solution

Update to the latest version
Get Wireshark

Original advisories

wnpa-sec-2018-41
wnpa-sec-2018-35
wnpa-sec-2018-43
wnpa-sec-2018-37
wnpa-sec-2018-38
wnpa-sec-2018-39
wnpa-sec-2018-34
wnpa-sec-2018-40
wnpa-sec-2018-36
wnpa-sec-2018-42

Impacts

?

DoS

[?]

CVSS ?	7.5
Detect date ?	07/18/2018
Severity ?	Critical
Description	Multiple serious vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: An unspecified vulnerability in BGP dissector can be exploited remotely via malformed packet to cause denial of service; An unspecified vulnerability in ISMP dissector can be exploited remotely via malformed packet to cause denial of service; An unspecified vulnerability can be exploited remotely via malformed packet to cause denial of service; An unspecified vulnerability in ASN.1 BER dissector can be exploited remotely via malformed packet to cause denial of service; An unspecified vulnerability in MMSE dissector can be exploited remotely via malformed packet to cause denial of service; An unspecified vulnerability in DICOM dissector can be exploited remotely via malformed packet to cause denial of service; An unspecified vulnerability in Bazaar protocol dissector can be exploited remotely via malformed packet to cause denial of service; An unspecified vulnerability in HTTP2 protocol dissector can be exploited remotely via malformed packet to cause denial of service; An unspecified vulnerability in CoAP protocol dissector can be exploited remotely via malformed packet to cause denial of service; An unspecified vulnerability in IEEE 802.11 protocol dissector can be exploited remotely via malformed packet to cause denial of service.
Affected products	Wireshark 2.6.x earlier than 2.6.2 Wireshark 2.4.x earlier than 2.4.8 Wireshark 2.2.x earlier than 2.2.16
Solution	Update to the latest version Get Wireshark
Original advisories	wnpa-sec-2018-41 wnpa-sec-2018-35 wnpa-sec-2018-43 wnpa-sec-2018-37 wnpa-sec-2018-38 wnpa-sec-2018-39 wnpa-sec-2018-34 wnpa-sec-2018-40 wnpa-sec-2018-36 wnpa-sec-2018-42
Impacts ?	DoS [?]
Related products	Wireshark
CVE-IDS ?	CVE-2018-14342 CVE-2018-14344 CVE-2018-14340 CVE-2018-14343 CVE-2018-14339 CVE-2018-14341 CVE-2018-14368 CVE-2018-14369 CVE-2018-14367 CVE-2018-14370