SB2018031547 - Fedora 28 update for wireshark
Published: March 15, 2018 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2018-7419)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/asn1/nbap/nbap.cnf when DCH ID initialization. A remote attacker can cause the NBAP dissector to crash.
2) Memory corruption (CVE-ID: CVE-2018-7418)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-sigcomp.c when extraction of the length value. A remote attacker can cause the SIGCOMP dissector to crash.
3) Memory corruption (CVE-ID: CVE-2018-7417)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-ipmi-picmg.c when handling crafted packets that lack an IPMI header. A remote attacker can cause the IPMI dissector to crash.
4) Memory corruption (CVE-ID: CVE-2018-7420)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in in wiretap/pcapng.c due to when checking for sysdig event blocks. A remote attacker can cause the pcapng file parser to crash.
5) Memory corruption (CVE-ID: CVE-2018-7320)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-sigcomp.c within SIGCOMP protocol dissector. A remote attacker can perform a denial of service (DoS) attack.
6) Null pointer dereference (CVE-ID: CVE-2018-7336)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in epan/dissectors/packet-fcp.c due to NULL pointer dereference. A remote attacker can cause the FCP protocol dissector to crash.
7) Memory corruption (CVE-ID: CVE-2018-7337)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in plugins/docsis/packet-docsis.c when recursive algorithm had been used for concatenated PDUs. A remote attacker can cause the DOCSIS protocol dissector to crash.
8) Memory corruption (CVE-ID: CVE-2018-7334)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-umts_mac.c when rejecting of a certain reserved value. A remote attacker can cause UMTS MAC dissector to crash.
9) Memory corruption (CVE-ID: CVE-2018-7335)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/crypt/airpdcap.c when rejecting lengths that are too small. A remote attacker can cause the IEEE 802.11 dissector to crash.
10) Memory corruption (CVE-ID: CVE-2018-6836)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists in the netmonrec_comment_destroy function due to boundary error when using the netmonrec_comment_destroy function as defined in the wiretap/netmon.c source code file. A remote attacker can cause the service to crash.
11) Memory corruption (CVE-ID: CVE-2018-5335)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-wcp.c within WCP dissector. A remote attacker can create perform a denial of service (DoS) attack.
12) Memory corruption (CVE-ID: CVE-2018-5334)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in wiretap/vwr.c within IxVeriWave file parser. A remote attacker can create perform a denial of service (DoS) attack.
13) Infinite loop (CVE-ID: CVE-2017-6014)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
14) Denial of service (CVE-ID: CVE-2017-9616)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to memory exhaustion when processing malicious media files. A remote attacker can trick the victim into opening a specially crafted MP4 data, trigger an error in the dissect_mp4_box() function in 'epan/dissectors/file-mp4.c', consume excessive memory and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
15) Denial of service (CVE-ID: CVE-2017-9617)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to memory exhaustion when processing malicious files. A remote attacker can trick the victim into opening a specially crafted DAAP data, trigger an error in the dissect_daap_one_tag() function in 'epan/dissectors/packet-daap.c', consume excessive memory and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
16) Uncontrolled Recursion (CVE-ID: CVE-2017-9766)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
17) Null pointer dereference (CVE-ID: CVE-2017-17997)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-mrdisc.c due to the MRDISC dissector misuses a NULL pointer and crashes. A remote attacker can trigger NULL pointer dereference and cause the service to crash.
Remediation
Install update from vendor's website.