Multiple DoS vulnerabilities in Wireshark

Описание

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

1. A recursion depth error in epan/tvbparse.c can be exploited remotely via a malformed packet to cause denial of service;
2. An validating error in in epan/dissectors/packet-mrdisc.c can be exploited remotely via a malformed packet to cause denial of service;
3. A bounds check error in wiretap/vwr.c can be exploited remotely via a malformed packet to cause denial of service;
4. Buffer length validating error in in epan/dissectors/packet-wcp.c can be exploited remotely via a malformed packet to cause denial of service;

---

Technical details

Vulnerability (2) affects only Wireshark 2.2.x versions

NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time.

Первичный источник обнаружения

• wnpa-sec-2018-02
  wnpa-sec-2018-04
  wnpa-sec-2018-01
  wnpa-sec-2018-03
  

Связанные продукты

• Wireshark

Список CVE

• CVE-2018-5334
  warning
• CVE-2018-5336
  warning
• CVE-2018-5335
  warning
• CVE-2017-17997
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com