KLA11255
Multiple vulnerabilities in Wireshark
Обновлено: 26/06/2019
Дата обнаружения
22/05/2018
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in LDSS dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  2. An unspecified vulnerability in IEEE 1905.1a dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  3. An unspecified vulnerability in RTCP dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  4. An unspecified vulnerability in LTP dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  5. An unspecified vulnerability in DNS dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  6. An unspecified vulnerability in GSM A DTAP dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  7. An unspecified vulnerability in Q.931 dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  8. An unspecified vulnerability in IEEE 802.11 dissector can be exploited remotely via malformed packet trace file to cause denial of service;
  9. An unspecified vulnerability in RRC dissector can be exploited remotely via malformed packet trace file to cause denial of service;

Technical details

Vulnerability (2), (3) and (6) affects only Wireshark 2.6.x

Пораженные продукты

Wireshark earlier than 2.6.1
Wireshark earlier than 2.4.7
Wireshark earlier than 2.2.15

Решение

Update to latest verson
Get Wireshark

Первичный источник обнаружения
wnpa-sec-2018-28
wnpa-sec-2018-26
wnpa-sec-2018-30
wnpa-sec-2018-31
wnpa-sec-2018-27
wnpa-sec-2018-25
wnpa-sec-2018-32
wnpa-sec-2018-33
wnpa-sec-2018-29
Оказываемое влияние
?
DoS 
[?]
Связанные продукты
Wireshark
CVE-IDS
CVE-2018-113545.0Critical
CVE-2018-113555.0Critical
CVE-2018-113565.0Critical
CVE-2018-113575.0Critical
CVE-2018-113585.0Critical
CVE-2018-113595.0Critical
CVE-2018-113605.0Critical
CVE-2018-113615.0Critical
CVE-2018-113625.0Critical