Summary: | <net-analyzer/wireshark-2.6.4 multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.wireshark.org/lists/wireshark-announce/201810/msg00000.html | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=664852 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =net-analyzer/wireshark-2.6.4 |
Runtime testing required: | --- |
Bug Depends on: | 679004 | ||
Bug Blocks: |
Description
Jeroen Roovers (RETIRED)
2018-10-12 07:41:29 UTC
CVE-2018-12086 Detail
Current Description
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
______________________________
CVE-2018-18225 Detail
Current Description
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
______________________________
CVE-2018-18226 Detail
Current Description
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.
______________________________
CVE-2018-18227 Detail
Current Description
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.