Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 648702 (CVE-2018-6836, CVE-2018-7320, CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333, CVE-2018-7334, CVE-2018-7335, CVE-2018-7336, CVE-2018-7337, CVE-2018-7417, CVE-2018-7418, CVE-2018-7419, CVE-2018-7420, CVE-2018-7421) - net-analyzer/wireshark: Multiple DoS vulnerabilities
Summary: net-analyzer/wireshark: Multiple DoS vulnerabilities
Status: RESOLVED INVALID
Alias: CVE-2018-6836, CVE-2018-7320, CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333, CVE-2018-7334, CVE-2018-7335, CVE-2018-7336, CVE-2018-7337, CVE-2018-7417, CVE-2018-7418, CVE-2018-7419, CVE-2018-7420, CVE-2018-7421
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://www.wireshark.org/security/wn...
Whiteboard: B3 [ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-24 13:57 UTC by GLSAMaker/CVETool Bot
Modified: 2018-10-12 07:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-24 13:57:31 UTC
CVE-2018-7421 (https://nvd.nist.gov/vuln/detail/CVE-2018-7421):
  In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go
  into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by
  correctly supporting a bounded number of Security Categories for a DMP
  Security Classification.

CVE-2018-7420 (https://nvd.nist.gov/vuln/detail/CVE-2018-7420):
  In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser
  could crash. This was addressed in wiretap/pcapng.c by adding a block-size
  check for sysdig event blocks.

CVE-2018-7419 (https://nvd.nist.gov/vuln/detail/CVE-2018-7419):
  In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could
  crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring
  DCH ID initialization.

CVE-2018-7418 (https://nvd.nist.gov/vuln/detail/CVE-2018-7418):
  In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could
  crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting
  the extraction of the length value.

CVE-2018-7417 (https://nvd.nist.gov/vuln/detail/CVE-2018-7417):
  In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could
  crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding
  support for crafted packets that lack an IPMI header.

CVE-2018-7337 (https://nvd.nist.gov/vuln/detail/CVE-2018-7337):
  In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This
  was addressed in plugins/docsis/packet-docsis.c by removing the recursive
  algorithm that had been used for concatenated PDUs.

CVE-2018-7336 (https://nvd.nist.gov/vuln/detail/CVE-2018-7336):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector
  could crash. This was addressed in epan/dissectors/packet-fcp.c by checking
  for a NULL pointer.

CVE-2018-7335 (https://nvd.nist.gov/vuln/detail/CVE-2018-7335):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector
  could crash. This was addressed in epan/crypt/airpdcap.c by rejecting
  lengths that are too small.

CVE-2018-7334 (https://nvd.nist.gov/vuln/detail/CVE-2018-7334):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector
  could crash. This was addressed in epan/dissectors/packet-umts_mac.c by
  rejecting a certain reserved value.

CVE-2018-7333 (https://nvd.nist.gov/vuln/detail/CVE-2018-7333):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by
  validating a chunk size.

CVE-2018-7332 (https://nvd.nist.gov/vuln/detail/CVE-2018-7332):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-reload.c had an infinite loop that was addressed by
  validating a length.

CVE-2018-7331 (https://nvd.nist.gov/vuln/detail/CVE-2018-7331):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-ber.c had an infinite loop that was addressed by
  validating a length.

CVE-2018-7330 (https://nvd.nist.gov/vuln/detail/CVE-2018-7330):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-thread.c had an infinite loop that was addressed by
  using a correct integer data type.

CVE-2018-7329 (https://nvd.nist.gov/vuln/detail/CVE-2018-7329):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by
  correcting off-by-one errors.

CVE-2018-7328 (https://nvd.nist.gov/vuln/detail/CVE-2018-7328):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-usb.c had an infinite loop that was addressed by
  rejecting short frame header lengths.

CVE-2018-7327 (https://nvd.nist.gov/vuln/detail/CVE-2018-7327):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed
  by validating property lengths.

CVE-2018-7326 (https://nvd.nist.gov/vuln/detail/CVE-2018-7326):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-lltd.c had an infinite loop that was addressed by
  using a correct integer data type.

CVE-2018-7325 (https://nvd.nist.gov/vuln/detail/CVE-2018-7325):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by
  validating a length field.

CVE-2018-7324 (https://nvd.nist.gov/vuln/detail/CVE-2018-7324):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-sccp.c had an infinite loop that was addressed by
  using a correct integer data type.

CVE-2018-7323 (https://nvd.nist.gov/vuln/detail/CVE-2018-7323):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-wccp.c had a large loop that was addressed by
  ensuring that a calculated length was monotonically increasing.

CVE-2018-7322 (https://nvd.nist.gov/vuln/detail/CVE-2018-7322):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-dcm.c had an infinite loop that was addressed by
  checking for integer wraparound.

CVE-2018-7321 (https://nvd.nist.gov/vuln/detail/CVE-2018-7321):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,
  epan/dissectors/packet-thrift.c had a large loop that was addressed by not
  proceeding with dissection after encountering an unexpected type.

CVE-2018-7320 (https://nvd.nist.gov/vuln/detail/CVE-2018-7320):
  In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol
  dissector could crash. This was addressed in
  epan/dissectors/packet-sigcomp.c by validating operand offsets.

CVE-2018-6836 (https://nvd.nist.gov/vuln/detail/CVE-2018-6836):
  The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark
  through 2.4.4 performs a free operation on an uninitialized memory address,
  which allows remote attackers to cause a denial of service (application
  crash) or possibly have unspecified other impact.


@Maintainers 2.4.5 is available to download, please call for stabilization when appropriate.