SB2018022704 - Denial of service in Wireshark
Published: February 27, 2018 Updated: April 2, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 24 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2018-7320)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-sigcomp.c within SIGCOMP protocol dissector. A remote attacker can perform a denial of service (DoS) attack.
2) Infinite loop (CVE-ID: CVE-2018-7321)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper proceeding with dissection after encountering an unexpected type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-thrift.c and perform a denial of service (DoS) attack.
3) Integer overflow (CVE-ID: CVE-2018-7322)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can trigger an infinite loop in epan/dissectors/packet-dcm.c and perform a denial of service (DoS) attack.
4) Infinite loop (CVE-ID: CVE-2018-7323)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a calculated length was not monotonically increasing. A remote attacker can trigger an infinite loop in epan/dissectors/packet-wccp.c and perform a denial of service (DoS) attack.
5) Infinite loop (CVE-ID: CVE-2018-7324)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a using of incorrect integer data type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-wccp.c and perform a denial of service (DoS) attack.
6) Infinite loop (CVE-ID: CVE-2018-7325)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validating of a length field. A remote attacker can trigger an infinite loop in epan/dissectors/packet-rpki-rtr.c and perform a denial of service (DoS) attack.
7) Infinite loop (CVE-ID: CVE-2018-7326)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to using incorrect integer data type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-lltd.c and perform a denial of service (DoS) attack.
8) Infinite loop (CVE-ID: CVE-2018-7327)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when validating property lengths. A remote attacker can trigger an infinite loop in epan/dissectors/packet-openflow_v6.c and perform a denial of service (DoS) attack.
9) Infinite loop (CVE-ID: CVE-2018-7328)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient rejecting of short frame header lengths. A remote attacker can trigger an infinite loop in epan/dissectors/packet-usb.c and perform a denial of service (DoS) attack.
10) Infinite loop (CVE-ID: CVE-2018-7329)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to off-by-one errors. A remote attacker can trigger an infinite loop in epan/dissectors/packet-s7comm.c and perform a denial of service (DoS) attack.
11) Infinite loop (CVE-ID: CVE-2018-7330)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to using of incorrect integer data type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-thread.c and perform a denial of service (DoS) attack.
12) Infinite loop (CVE-ID: CVE-2018-7331)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validating of a length. A remote attacker can trigger an infinite loop in epan/dissectors/packet-ber.c and perform a denial of service (DoS) attack.
13) Infinite loop (CVE-ID: CVE-2018-7332)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validating of a length. A remote attacker can trigger an infinite loop in epan/dissectors/packet-reload.c and perform a denial of service (DoS) attack.
14) Infinite loop (CVE-ID: CVE-2018-7333)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validating of a chunk size. A remote attacker can trigger an infinite loop in epan/dissectors/packet-rpcrdma.c and perform a denial of service (DoS) attack.
15) Memory corruption (CVE-ID: CVE-2018-7334)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-umts_mac.c when rejecting of a certain reserved value. A remote attacker can cause UMTS MAC dissector to crash.
16) Memory corruption (CVE-ID: CVE-2018-7335)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/crypt/airpdcap.c when rejecting lengths that are too small. A remote attacker can cause the IEEE 802.11 dissector to crash.
17) Null pointer dereference (CVE-ID: CVE-2018-7336)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in epan/dissectors/packet-fcp.c due to NULL pointer dereference. A remote attacker can cause the FCP protocol dissector to crash.
18) Memory corruption (CVE-ID: CVE-2018-7337)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in plugins/docsis/packet-docsis.c when recursive algorithm had been used for concatenated PDUs. A remote attacker can cause the DOCSIS protocol dissector to crash.
19) Memory corruption (CVE-ID: CVE-2018-7417)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-ipmi-picmg.c when handling crafted packets that lack an IPMI header. A remote attacker can cause the IPMI dissector to crash.
20) Memory corruption (CVE-ID: CVE-2018-7418)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-sigcomp.c when extraction of the length value. A remote attacker can cause the SIGCOMP dissector to crash.
21) Memory corruption (CVE-ID: CVE-2018-7419)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/asn1/nbap/nbap.cnf when DCH ID initialization. A remote attacker can cause the NBAP dissector to crash.
22) Memory corruption (CVE-ID: CVE-2018-7420)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in in wiretap/pcapng.c due to when checking for sysdig event blocks. A remote attacker can cause the pcapng file parser to crash.
23) Null pointer dereference (CVE-ID: CVE-2017-17997)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-mrdisc.c due to the MRDISC dissector misuses a NULL pointer and crashes. A remote attacker can trigger NULL pointer dereference and cause the service to crash.
24) Infinite loop (CVE-ID: CVE-2018-7421)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-dmp.c due to incorrect supporting of a bounded number of Security Categories for a DMP Security Classification. A remote attacker can trigger an infinite loop in the DMP dissector and cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://www.wireshark.org/security/wnpa-sec-2018-10.html
- https://www.wireshark.org/security/wnpa-sec-2018-06.html
- https://www.wireshark.org/security/wnpa-sec-2018-07.html
- https://www.wireshark.org/security/wnpa-sec-2018-05.html
- https://www.wireshark.org/security/wnpa-sec-2018-09.html
- https://www.wireshark.org/security/wnpa-sec-2018-08.html
- https://www.wireshark.org/security/wnpa-sec-2018-12.html
- https://www.wireshark.org/security/wnpa-sec-2018-13.html
- https://www.wireshark.org/security/wnpa-sec-2018-14.html
- https://www.wireshark.org/security/wnpa-sec-2018-11.html
- https://www.wireshark.org/security/wnpa-sec-2018-02.html