SB2018072444 - Fedora 27 update for wireshark
Published: July 24, 2018 Updated: April 24, 2025
Security Bulletin ID
SB2018072444
Severity
Medium
Patch available
YES
Number of vulnerabilities
10
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2018-14339)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, trigger infinite loop and cause the MMSE dissector to crash.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, trigger infinite loop and cause the MMSE dissector to crash.
2) Improper input validation (CVE-ID: CVE-2018-14340)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the dissectors that support zlib decompression to crash.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the dissectors that support zlib decompression to crash.
3) Infinite loop (CVE-ID: CVE-2018-14341)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the DICOM dissector to crash.
The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the DICOM dissector to crash.
4) Resource exhaustion (CVE-ID: CVE-2018-14342)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the BGP dissector to crash.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the BGP dissector to crash.
5) Improper input validation (CVE-ID: CVE-2018-14343)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ASN.1 BER dissector to crash.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ASN.1 BER dissector to crash.
6) Improper input validation (CVE-ID: CVE-2018-14344)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ISMP dissector to crash.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ISMP dissector to crash.
7) Improper input validation (CVE-ID: CVE-2018-14367)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the CoAP protocol dissector to crash.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the CoAP protocol dissector to crash.
8) Infinite loop (CVE-ID: CVE-2018-14368)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the Bazaar protocol dissector to crash.
The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the Bazaar protocol dissector to crash.
9) Improper input validation (CVE-ID: CVE-2018-14369)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the HTTP2 protocol dissector to crash.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the HTTP2 protocol dissector to crash.
10) Improper input validation (CVE-ID: CVE-2018-14370)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the IEEE 802.11 protocol dissector to crash.
The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the IEEE 802.11 protocol dissector to crash.
Remediation
Install update from vendor's website.