CVE-2018-9256

MEDIUM

Description

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.

References

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14467

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dac48f148538c706c446e5105d84ebcb54587528

https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html

https://www.wireshark.org/security/wnpa-sec-2018-20.html

Details

Source: MITRE

Published: 2018-04-04

Updated: 2019-02-27

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* versions from 2.2.0 to 2.2.13 (inclusive)

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* versions from 2.4.0 to 2.4.5 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
121193 | Debian DLA-1634-1 : wireshark security update | Nessus | Debian Local Security Checks | high
109198 | SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2018:0981-1) | Nessus | SuSE Local Security Checks | medium
109197 | SUSE SLES11 Security Update : wireshark (SUSE-SU-2018:0980-1) | Nessus | SuSE Local Security Checks | medium
108937 | openSUSE Security Update : wireshark (openSUSE-2018-347) | Nessus | SuSE Local Security Checks | medium
108885 | Wireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities | Nessus | Windows | medium
108884 | Wireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities (MacOS) | Nessus | MacOS X Local Security Checks | medium