Bug #9159

Bug #9157: wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)

[3.8] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)

Added by Alicha CH 9 months ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 07/30/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-14339: MMSE dissector infinite loop

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-38.html

CVE-2018-14340: Multiple dissectors could crash

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-36.html

CVE-2018-14341: DICOM dissector large loop

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-39.html

CVE-2018-14342: BGP dissector large loop

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-34.html

CVE-2018-14343: ASN.1 BER and related dissectors crash.

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-37.html

CVE-2018-14344: ISMP dissector crash.

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-35.html

CVE-2018-14367: CoAP dissector crash

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-42.html

CVE-2018-14368: Bazaar dissector infinite loop

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-40.html

CVE-2018-14369: HTTP2 dissector crash

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-41.html

CVE-2018-14370: IEEE 802.11 dissector crash

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-43.html


Related issues

Copied from Alpine Linux - Bug #9157: wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370) (Closed, 07/30/2018)

Associated revisions

Revision e7881754 (diff)
Added by Natanael Copa 9 months ago

community/wireshark: upgrade to 2.4.8

CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342,
CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368,
CVE-2018-14369, CVE-2018-14370

fixes #9159

Revision de7f79ec (diff)
Added by Natanael Copa 2 months ago

community/wireshark: upgrade to 2.4.8

CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342,
CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368,
CVE-2018-14369, CVE-2018-14370

fixes #9159

History

#1 Updated by Alicha CH 9 months ago

  • Copied from Bug #9157: wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370) added

#2 Updated by Natanael Copa 9 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 9 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)
