SB2018022704 - Denial of service in Wireshark
Published: February 27, 2018 Updated: April 2, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 24 vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2018-7332)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validating of a length. A remote attacker can trigger an infinite loop in epan/dissectors/packet-reload.c and perform a denial of service (DoS) attack.
2) Infinite loop (CVE-ID: CVE-2018-7421)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in epan/dissectors/packet-dmp.c due to incorrect supporting of a bounded number of Security Categories for a DMP Security Classification. A remote attacker can trigger an infinite loop in the DMP dissector and cause the service to crash.
3) Null pointer dereference (CVE-ID: CVE-2017-17997)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in epan/dissectors/packet-mrdisc.c due to the MRDISC dissector misuses a NULL pointer and crashes. A remote attacker can trigger NULL pointer dereference and cause the service to crash.
4) Memory corruption (CVE-ID: CVE-2018-7420)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in in wiretap/pcapng.c due to when checking for sysdig event blocks. A remote attacker can cause the pcapng file parser to crash.
5) Memory corruption (CVE-ID: CVE-2018-7419)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/asn1/nbap/nbap.cnf when DCH ID initialization. A remote attacker can cause the NBAP dissector to crash.
6) Memory corruption (CVE-ID: CVE-2018-7418)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-sigcomp.c when extraction of the length value. A remote attacker can cause the SIGCOMP dissector to crash.
7) Memory corruption (CVE-ID: CVE-2018-7417)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-ipmi-picmg.c when handling crafted packets that lack an IPMI header. A remote attacker can cause the IPMI dissector to crash.
8) Memory corruption (CVE-ID: CVE-2018-7337)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in plugins/docsis/packet-docsis.c when recursive algorithm had been used for concatenated PDUs. A remote attacker can cause the DOCSIS protocol dissector to crash.
9) Null pointer dereference (CVE-ID: CVE-2018-7336)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in epan/dissectors/packet-fcp.c due to NULL pointer dereference. A remote attacker can cause the FCP protocol dissector to crash.
10) Memory corruption (CVE-ID: CVE-2018-7335)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/crypt/airpdcap.c when rejecting lengths that are too small. A remote attacker can cause the IEEE 802.11 dissector to crash.
11) Memory corruption (CVE-ID: CVE-2018-7334)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-umts_mac.c when rejecting of a certain reserved value. A remote attacker can cause UMTS MAC dissector to crash.
12) Infinite loop (CVE-ID: CVE-2018-7333)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validating of a chunk size. A remote attacker can trigger an infinite loop in epan/dissectors/packet-rpcrdma.c and perform a denial of service (DoS) attack.
13) Memory corruption (CVE-ID: CVE-2018-7320)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in epan/dissectors/packet-sigcomp.c within SIGCOMP protocol dissector. A remote attacker can perform a denial of service (DoS) attack.
14) Infinite loop (CVE-ID: CVE-2018-7331)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validating of a length. A remote attacker can trigger an infinite loop in epan/dissectors/packet-ber.c and perform a denial of service (DoS) attack.
15) Infinite loop (CVE-ID: CVE-2018-7330)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to using of incorrect integer data type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-thread.c and perform a denial of service (DoS) attack.
16) Infinite loop (CVE-ID: CVE-2018-7329)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to off-by-one errors. A remote attacker can trigger an infinite loop in epan/dissectors/packet-s7comm.c and perform a denial of service (DoS) attack.
17) Infinite loop (CVE-ID: CVE-2018-7328)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient rejecting of short frame header lengths. A remote attacker can trigger an infinite loop in epan/dissectors/packet-usb.c and perform a denial of service (DoS) attack.
18) Infinite loop (CVE-ID: CVE-2018-7327)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when validating property lengths. A remote attacker can trigger an infinite loop in epan/dissectors/packet-openflow_v6.c and perform a denial of service (DoS) attack.
19) Infinite loop (CVE-ID: CVE-2018-7326)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to using incorrect integer data type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-lltd.c and perform a denial of service (DoS) attack.
20) Infinite loop (CVE-ID: CVE-2018-7325)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validating of a length field. A remote attacker can trigger an infinite loop in epan/dissectors/packet-rpki-rtr.c and perform a denial of service (DoS) attack.
21) Infinite loop (CVE-ID: CVE-2018-7324)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a using of incorrect integer data type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-wccp.c and perform a denial of service (DoS) attack.
22) Infinite loop (CVE-ID: CVE-2018-7323)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a calculated length was not monotonically increasing. A remote attacker can trigger an infinite loop in epan/dissectors/packet-wccp.c and perform a denial of service (DoS) attack.
23) Integer overflow (CVE-ID: CVE-2018-7322)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can trigger an infinite loop in epan/dissectors/packet-dcm.c and perform a denial of service (DoS) attack.
24) Infinite loop (CVE-ID: CVE-2018-7321)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper proceeding with dissection after encountering an unexpected type. A remote attacker can trigger an infinite loop in epan/dissectors/packet-thrift.c and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://www.wireshark.org/security/wnpa-sec-2018-06.html
- https://www.wireshark.org/security/wnpa-sec-2018-02.html
- https://www.wireshark.org/security/wnpa-sec-2018-11.html
- https://www.wireshark.org/security/wnpa-sec-2018-14.html
- https://www.wireshark.org/security/wnpa-sec-2018-13.html
- https://www.wireshark.org/security/wnpa-sec-2018-12.html
- https://www.wireshark.org/security/wnpa-sec-2018-08.html
- https://www.wireshark.org/security/wnpa-sec-2018-09.html
- https://www.wireshark.org/security/wnpa-sec-2018-05.html
- https://www.wireshark.org/security/wnpa-sec-2018-07.html
- https://www.wireshark.org/security/wnpa-sec-2018-10.html