Improper input validation in wireshark (Alpine package)

Published: 2018-09-10

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2018-16058
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	wireshark (Alpine package) Operating systems & Components / Operating system package or component
Vendor	Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper input validation

EUVDB-ID: #VU14580

Risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-16058

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to the epan/dissectors/packet-btavdtp.c source code file of the affected software improperly initializes a data structure. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the AVDTP dissector component to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

wireshark (Alpine package): 2.2.3-r0 - 2.6.2-r0

wireshark (Alpine package):

CPE2.3

External links

https://git.alpinelinux.org/aports/commit/?id=c0c7198ccd06ca0b2cf7244b0be786c36fb405c2
https://git.alpinelinux.org/aports/commit/?id=e9155647732297c2d4e384b3c1c9cca257f2416a
https://git.alpinelinux.org/aports/commit/?id=f12f5f95624bae2596edc0fc0ce7015657cd1602

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.