ID CVE-2018-7418
Summary In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
References
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1655932
title CVE-2018-19622 wireshark: Infinite loop in the MMSE dissector
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment wireshark is earlier than 0:1.10.14-24.el7
          oval oval:com.redhat.rhsa:tst:20201047001
        • comment wireshark is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100924002
      • AND
        • comment wireshark-devel is earlier than 0:1.10.14-24.el7
          oval oval:com.redhat.rhsa:tst:20201047003
        • comment wireshark-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100924004
      • AND
        • comment wireshark-gnome is earlier than 0:1.10.14-24.el7
          oval oval:com.redhat.rhsa:tst:20201047005
        • comment wireshark-gnome is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100924006
rhsa
id RHSA-2020:1047
released 2020-03-31
severity Moderate
title RHSA-2020:1047: wireshark security and bug fix update (Moderate)
rpms
  • wireshark-0:1.10.14-24.el7
  • wireshark-debuginfo-0:1.10.14-24.el7
  • wireshark-devel-0:1.10.14-24.el7
  • wireshark-gnome-0:1.10.14-24.el7
refmap via4
bid 103157
confirm
mlist
  • [debian-lts-announce] 20180418 [SECURITY] [DLA 1353-1] wireshark security update
  • [debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update
Last major update 24-08-2020 - 17:37
Published 23-02-2018 - 22:29
Last modified 24-08-2020 - 17:37
Back to Top