KLA11293
Multiple vulnerabilities in Wireshark
Обновлено: 26/06/2019
Дата обнаружения
18/07/2018
Уровень угрозы
High
Описание

Multiple serious vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

  1. An unspecified vulnerability in BGP dissector can be exploited remotely via malformed packet to cause denial of service;
  2. An unspecified vulnerability in ISMP dissector can be exploited remotely via malformed packet to cause denial of service;
  3. An unspecified vulnerability can be exploited remotely via malformed packet to cause denial of service;
  4. An unspecified vulnerability in ASN.1 BER dissector can be exploited remotely via malformed packet to cause denial of service;
  5. An unspecified vulnerability in MMSE dissector can be exploited remotely via malformed packet to cause denial of service;
  6. An unspecified vulnerability in DICOM dissector can be exploited remotely via malformed packet to cause denial of service;
  7. An unspecified vulnerability in Bazaar protocol dissector can be exploited remotely via malformed packet to cause denial of service;
  8. An unspecified vulnerability in HTTP2 protocol dissector can be exploited remotely via malformed packet to cause denial of service;
  9. An unspecified vulnerability in CoAP protocol dissector can be exploited remotely via malformed packet to cause denial of service;
  10. An unspecified vulnerability in IEEE 802.11 protocol dissector can be exploited remotely via malformed packet to cause denial of service.
Пораженные продукты

Wireshark 2.6.x earlier than 2.6.2
Wireshark 2.4.x earlier than 2.4.8
Wireshark 2.2.x earlier than 2.2.16

Решение

Update to the latest version
Get Wireshark

Первичный источник обнаружения
wnpa-sec-2018-41
wnpa-sec-2018-35
wnpa-sec-2018-43
wnpa-sec-2018-37
wnpa-sec-2018-38
wnpa-sec-2018-39
wnpa-sec-2018-34
wnpa-sec-2018-40
wnpa-sec-2018-36
wnpa-sec-2018-42
Оказываемое влияние
?
DoS 
[?]
Связанные продукты
Wireshark
CVE-IDS
CVE-2018-143427.5Critical
CVE-2018-143447.5Critical
CVE-2018-143407.5Critical
CVE-2018-143437.5Critical
CVE-2018-143397.5Critical
CVE-2018-143417.5Critical
CVE-2018-143687.5Critical
CVE-2018-143697.5Critical
CVE-2018-143677.5Critical
CVE-2018-143707.5Critical