CVE-2018-5336

MEDIUM

Description

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.

References

http://www.securityfocus.com/bid/102504

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14253

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f4c95cf46ba6adbd10b09747e10742801bc706b

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6702e49a9720d173246668495eece6d77eca5b0

https://lists.debian.org/debian-lts-announce/2018/01/msg00032.html

https://www.debian.org/security/2018/dsa-4101

https://www.wireshark.org/security/wnpa-sec-2018-01.html

Details

Source: MITRE

Published: 2018-01-11

Updated: 2019-03-12

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
106415	Debian DSA-4101-1 : wireshark - security update	Nessus	Debian Local Security Checks	medium
106408	Debian DLA-1258-1 : wireshark security update	Nessus	Debian Local Security Checks	medium
106342	SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2018:0191-1) (Spectre)	Nessus	SuSE Local Security Checks	medium
106293	SUSE SLES11 Security Update : wireshark (SUSE-SU-2018:0179-1) (Spectre)	Nessus	SuSE Local Security Checks	medium
106142	Wireshark 2.2.x < 2.2.12 / 2.4.x < 2.4.4 DoS Vulnerabilities	Nessus	Windows	high
106141	Wireshark 2.2.x < 2.2.12 / 2.4.x < 2.4.4 DoS Vulnerabilities (MacOS)	Nessus	MacOS X Local Security Checks	high
106061	openSUSE Security Update : wireshark (openSUSE-2018-32) (Spectre)	Nessus	SuSE Local Security Checks	medium