| Summary: | <net-analyzer/wireshark-2.6.4 multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | netmon |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.wireshark.org/lists/wireshark-announce/201810/msg00000.html | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=664852 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: |
=net-analyzer/wireshark-2.6.4
|
Runtime testing required: | --- |
| Bug Depends on: | 679004 | ||
| Bug Blocks: | |||
CVE-2018-12086 Detail Current Description Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. ______________________________ CVE-2018-18225 Detail Current Description In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. ______________________________ CVE-2018-18226 Detail Current Description In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. ______________________________ CVE-2018-18227 Detail Current Description In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. |
The following vulnerabilities have been fixed: • wnpa-sec-2018-47[1] MS-WSP dissector crash. Bug 15119[2]. CVE-2018-18227[3]. • wnpa-sec-2018-48[4] Steam IHS Discovery dissector memory leak. Bug 15171[5]. CVE-2018-18226[6]. • wnpa-sec-2018-49[7] CoAP dissector crash. Bug 15172[8]. CVE-2018-18225[9]. • wnpa-sec-2018-50[10] OpcUA dissector crash. CVE-2018-12086[11].