SB2020032019 - OpenSUSE Linux update for wireshark

Security Bulletin ID SB2020032019

Severity

Medium

Patch available

YES

Number of vulnerabilities 59

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 59 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2018-11354)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file and cause the IEEE 1905.1a dissector to crash.

2) Buffer overflow (CVE-ID: CVE-2018-11355)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to buffer overflow when handling malicious input. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger memory corruption and cause the RTCP dissector to crash.

3) Null pointer dereference (CVE-ID: CVE-2018-11356)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-dns.c due to NULL pointer dereference. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file and cause the DNS dissector to crash.

4) Resource exhaustion (CVE-ID: CVE-2018-11357)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/tvbuff.c due to improper validation of user-supplied input. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger resource exhaustion and cause the LTP dissector and other dissectors to crash.

5) Use-after-free error (CVE-ID: CVE-2018-11358)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-q931.c due to use-after-free memory error. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger memory corruption and cause the Q.931 dissector and other dissectors to crash.

6) Null pointer dereference (CVE-ID: CVE-2018-11359)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/proto.c due to NULL pointer dereference. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file and cause the RRC dissector and other dissectors to crash.

7) Buffer overflow (CVE-ID: CVE-2018-11360)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-gsm_a_dtap.c due to off-by-one error. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger buffer overflow and cause the GSM A DTAP dissector to crash.

8) Buffer overflow (CVE-ID: CVE-2018-11361)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/crypt/dot11decrypt.c due to buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger memory corruption and cause the IEEE 802.11 protocol dissector to crash.

9) Buffer over-read (CVE-ID: CVE-2018-11362)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in epan/dissectors/packet-ldss.c due to buffer over-read upon encountering a missing '' character. A remote attacker can inject a malformed packet onto the wire or convince someone to read a malformed packet trace file, trigger memory corruption and cause the LDSS dissector to crash.

10) Improper input validation (CVE-ID: CVE-2018-12086)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the OpcUa dissector component to crash.

11) Infinite loop (CVE-ID: CVE-2018-14339)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, trigger infinite loop and cause the MMSE dissector to crash.

12) Improper input validation (CVE-ID: CVE-2018-14340)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the dissectors that support zlib decompression to crash.

13) Infinite loop (CVE-ID: CVE-2018-14341)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the DICOM dissector to crash.

14) Resource exhaustion (CVE-ID: CVE-2018-14342)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the BGP dissector to crash.

15) Improper input validation (CVE-ID: CVE-2018-14343)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ASN.1 BER dissector to crash.

16) Improper input validation (CVE-ID: CVE-2018-14344)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ISMP dissector to crash.

17) Improper input validation (CVE-ID: CVE-2018-14367)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the CoAP protocol dissector to crash.

18) Infinite loop (CVE-ID: CVE-2018-14368)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the Bazaar protocol dissector to crash.

19) Improper input validation (CVE-ID: CVE-2018-14369)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the HTTP2 protocol dissector to crash.

20) Improper input validation (CVE-ID: CVE-2018-14370)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the IEEE 802.11 protocol dissector to crash.

21) Improper input validation (CVE-ID: CVE-2018-16056)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to the epan/dissectors/packet-btatt.c source code file of the affected software does not verify that a dissector for a specific universally unique identifier (UUID) exists. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the Bluetooth ATT dissector component to crash.

22) Memory corruption (CVE-ID: CVE-2018-16057)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error in the ieee80211_radiotap_iterator_next() function, as defined in the epan/dissectors/packet-ieee80211-radiotap-iter.c source code file. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the Radiotap dissector component to crash.

23) Improper input validation (CVE-ID: CVE-2018-16058)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to the epan/dissectors/packet-btavdtp.c source code file of the affected software improperly initializes a data structure. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the AVDTP dissector component to crash.

24) Improper input validation (CVE-ID: CVE-2018-18225)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the CoAP dissector component to crash.

25) Memory leak (CVE-ID: CVE-2018-18226)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to memory leak in the Steam IHS Discovery dissector when handling malicious input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and gain access to arbitrary data.

26) Improper input validation (CVE-ID: CVE-2018-18227)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the MS-WSP dissector component to crash.

27) Infinite loop (CVE-ID: CVE-2018-19622)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to infinite loop when handling user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the MMSE dissector to crash.

28) Improper input validation (CVE-ID: CVE-2018-19623)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the DLBMPDM dissector to crash.

29) Improper input validation (CVE-ID: CVE-2018-19624)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the PVFS dissector to crash.

30) Improper input validation (CVE-ID: CVE-2018-19625)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the Wireshark dissection engine to crash.

31) Improper input validation (CVE-ID: CVE-2018-19626)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the DCOM dissector to crash.

32) Improper input validation (CVE-ID: CVE-2018-19627)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the IxVeriWave file parser to crash.

33) Improper input validation (CVE-ID: CVE-2018-19628)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the ZigBee ZCL dissector to crash.

34) Resource management error (CVE-ID: CVE-2019-10894)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

35) Input validation error (CVE-ID: CVE-2019-10895)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

36) Resource management error (CVE-ID: CVE-2019-10896)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.

37) Resource management error (CVE-ID: CVE-2019-10897)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.

38) Resource management error (CVE-ID: CVE-2019-10898)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.

39) Buffer overflow (CVE-ID: CVE-2019-10899)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

40) Resource management error (CVE-ID: CVE-2019-10900)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.

41) NULL pointer dereference (CVE-ID: CVE-2019-10901)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

42) Resource management error (CVE-ID: CVE-2019-10902)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

43) Resource management error (CVE-ID: CVE-2019-10903)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

44) Input validation error (CVE-ID: CVE-2019-13619)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the ASN.1 BER dissector in epan/asn1.c. A remote attacker can send malicious traffic to the affected application and perform a denial of service attack.

45) Infinite loop (CVE-ID: CVE-2019-16319)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in Gryphon dissector when processing network packets in the "plugins/epan/gryphon/packet-gryphon.c" file. A remote attacker can consume all available system resources and cause denial of service conditions.

46) Input validation error (CVE-ID: CVE-2019-19553)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in CMS dissector. A remote attacker can send a specially crafted traffic or pass a specially crafted file to the application and perform a denial of service (DoS) attack.

47) Input validation error (CVE-ID: CVE-2019-5716)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the 6LoWPAN dissector to crash.

48) Input validation error (CVE-ID: CVE-2019-5717)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the P_MUL dissector to crash.

49) Input validation error (CVE-ID: CVE-2019-5718)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the RTSE dissector and other ASN.1 dissectors to crash.

50) Input validation error (CVE-ID: CVE-2019-5719)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the ISAKMP dissector to crash.

51) Input validation error (CVE-ID: CVE-2019-5721)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject a malformed packet into a network, to be processed by the affected application, or trick the victim into opening a malicious packet trace file and cause the ENIP protocol dissector to crash.

52) NULL pointer dereference (CVE-ID: CVE-2019-9208)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. A remote attacker can perform a denial of service (DoS) attack.

53) Buffer overflow (CVE-ID: CVE-2019-9209)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

54) NULL pointer dereference (CVE-ID: CVE-2019-9214)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.

55) Off-by-one (CVE-ID: CVE-2020-7044)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the WASSP dissector. A remote attacker can send specially crafted network traffic, trigger an off-by-one error and crash the application.

56) Input validation error (CVE-ID: CVE-2020-9428)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in EAP dissector within "epan/dissectors/packet-eap.c" . A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

57) Input validation error (CVE-ID: CVE-2020-9429)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in WireGuard dissector in "epan/dissectors/packet-wireguard.c". A remote attacker can perform a denial of service (DoS) attack.

58) Input validation error (CVE-ID: CVE-2020-9430)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in WiMax DLMAP dissector within "plugins/epan/wimax/msg_dlmap.c". A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

59) Memory leak (CVE-ID: CVE-2020-9431)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in LTE RRC dissector within "epan/dissectors/packet-lte-rrc.c". A remote attacker can pass specially crafted data to the application and perform denial of service attack.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html

SB2020032019 - OpenSUSE Linux update for wireshark

Breakdown by Severity

Description

Remediation

References

Please verify you're human