SB2018022704 - Denial of service in Wireshark



SB2018022704 - Denial of service in Wireshark

Published: February 27, 2018 Updated: April 2, 2018

Security Bulletin ID SB2018022704
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 24
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 24 vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2018-7332)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validating of a length. A remote attacker can trigger an infinite loop in epan/dissectors/packet-reload.c and perform a denial of service (DoS) attack.


2) Infinite loop (CVE-ID: CVE-2018-7421)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-dmp.c due to incorrect supporting of a bounded number of Security Categories for a DMP Security Classification. A remote attacker can trigger an infinite loop in the DMP dissector and cause the service to crash.

3) Null pointer dereference (CVE-ID: CVE-2017-17997)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-mrdisc.c due to the MRDISC dissector misuses a NULL pointer and crashes. A remote attacker can trigger NULL pointer dereference and cause the service to crash.

4) Memory corruption (CVE-ID: CVE-2018-7420)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in in wiretap/pcapng.c due to when checking for sysdig event blocks. A remote attacker can cause the pcapng file parser to crash.


5) Memory corruption (CVE-ID: CVE-2018-7419)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/dissectors/asn1/nbap/nbap.cnf when DCH ID initialization. A remote attacker can cause the NBAP dissector to crash.


6) Memory corruption (CVE-ID: CVE-2018-7418)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/dissectors/packet-sigcomp.c when extraction of the length value. A remote attacker can cause the SIGCOMP dissector to crash.


7) Memory corruption (CVE-ID: CVE-2018-7417)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/dissectors/packet-ipmi-picmg.c when handling crafted packets that lack an IPMI header. A remote attacker can cause the IPMI dissector to crash.


8) Memory corruption (CVE-ID: CVE-2018-7337)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in plugins/docsis/packet-docsis.c when recursive algorithm had been used for concatenated PDUs. A remote attacker can cause the DOCSIS protocol dissector to crash.


9) Null pointer dereference (CVE-ID: CVE-2018-7336)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in epan/dissectors/packet-fcp.c due to NULL pointer dereference. A remote attacker can cause the FCP protocol dissector to crash.


10) Memory corruption (CVE-ID: CVE-2018-7335)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/crypt/airpdcap.c when rejecting lengths that are too small. A remote attacker can cause the IEEE 802.11 dissector to crash.


11) Memory corruption (CVE-ID: CVE-2018-7334)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/dissectors/packet-umts_mac.c when rejecting of a certain reserved value. A remote attacker can cause UMTS MAC dissector to crash.


12) Infinite loop (CVE-ID: CVE-2018-7333)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validating of a chunk size. A remote attacker can trigger an infinite loop in epan/dissectors/packet-rpcrdma.c and perform a denial of service (DoS) attack.


13) Memory corruption (CVE-ID: CVE-2018-7320)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in epan/dissectors/packet-sigcomp.c within SIGCOMP protocol dissector. A remote attacker can perform a denial of service (DoS) attack.


14) Infinite loop (CVE-ID: CVE-2018-7331)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validating of a length. A remote attacker can trigger an infinite loop in epan/dissectors/packet-ber.c and perform a denial of service (DoS) attack.


15) Infinite loop (CVE-ID: CVE-2018-7330)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to using of incorrect integer data type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-thread.c and perform a denial of service (DoS) attack.


16) Infinite loop (CVE-ID: CVE-2018-7329)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to off-by-one errors. A remote attacker can trigger an infinite loop in epan/dissectors/packet-s7comm.c and perform a denial of service (DoS) attack.


17) Infinite loop (CVE-ID: CVE-2018-7328)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient rejecting of short frame header lengths. A remote attacker can trigger an infinite loop in epan/dissectors/packet-usb.c and perform a denial of service (DoS) attack.


18) Infinite loop (CVE-ID: CVE-2018-7327)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when validating property lengths. A remote attacker can trigger an infinite loop in epan/dissectors/packet-openflow_v6.c and perform a denial of service (DoS) attack.


19) Infinite loop (CVE-ID: CVE-2018-7326)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to using incorrect integer data type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-lltd.c and perform a denial of service (DoS) attack.


20) Infinite loop (CVE-ID: CVE-2018-7325)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validating of a length field. A remote attacker can trigger an infinite loop in epan/dissectors/packet-rpki-rtr.c and perform a denial of service (DoS) attack.


21) Infinite loop (CVE-ID: CVE-2018-7324)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a using of incorrect integer data type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-wccp.c and perform a denial of service (DoS) attack.


22) Infinite loop (CVE-ID: CVE-2018-7323)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a calculated length was not monotonically increasing. A remote attacker can trigger an infinite loop in epan/dissectors/packet-wccp.c and perform a denial of service (DoS) attack.


23) Integer overflow (CVE-ID: CVE-2018-7322)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow. A remote attacker can trigger an infinite loop in epan/dissectors/packet-dcm.c and perform a denial of service (DoS) attack.


24) Infinite loop (CVE-ID: CVE-2018-7321)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper proceeding with dissection after encountering an unexpected type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-thrift.c and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.