Buffer overflow in wireshark (Alpine package)

1) Buffer overflow

EUVDB-ID: #VU12107

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10194

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists in the pprintg1 function due boundary error when handling of postscript file data written to PDF. A remote unauthenticated attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and cause the application to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

wireshark (Alpine package): 2.2.12-r0

External links

http://git.alpinelinux.org/aports/commit/?id=5e753b12c86f19cc249a631482ee1a4a739e45aa
http://git.alpinelinux.org/aports/commit/?id=646b9a7b6b94e05cb166f6a084a22fe8f03264fb
http://git.alpinelinux.org/aports/commit/?id=0c81d393f55e12aad1694ac3ee4ed2b865527f6f
http://git.alpinelinux.org/aports/commit/?id=c13758613f3110e14c2e9eda818406f235d996c1
http://git.alpinelinux.org/aports/commit/?id=dd646650fecf6b0d42ffc26eed4a6da53a6040e5
http://git.alpinelinux.org/aports/commit/?id=3296b080a93bebe2fa5a42ed0bda9351f68b3f30
http://git.alpinelinux.org/aports/commit/?id=82f356f8c4189cfb0802954a2e20f09baf6a49a0
http://git.alpinelinux.org/aports/commit/?id=ec81538d245e98a04f14f8f9c4dc6cad899c18d3

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.