[3.7] wireshark:: Multiple vulnerabilities (CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9267, CVE-2018-9259) (#8822) · Issues · alpine / aports

[3.7] wireshark:: Multiple vulnerabilities (CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9267, CVE-2018-9259)

CVE-2018-9256: LWAPP dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14

References:

https://www.wireshark.org/security/wnpa-sec-2018-20.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9256?cpeVersion=2.2

CVE-2018-9257: CQL infinite loop

Affected versions: 2.4.0 to 2.4.5
Fixed versions: 2.4.6

References:

https://www.wireshark.org/security/wnpa-sec-2018-22.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9257

CVE-2018-9258: TCP dissector crash

Affected versions: 2.4.0 to 2.4.5
Fixed versions: 2.4.6

References:

https://www.wireshark.org/security/wnpa-sec-2018-21.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9258

CVE-2018-9260: IEEE 802.15.4 dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14

References:

https://www.wireshark.org/security/wnpa-sec-2018-17.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9260

CVE-2018-9261: NBAP dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14

References:

https://www.wireshark.org/security/wnpa-sec-2018-18.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9261

CVE-2018-9262: VLAN dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14

References:

https://www.wireshark.org/security/wnpa-sec-2018-19.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9262

CVE-2018-9263: Kerberos dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14

References:

https://www.wireshark.org/security/wnpa-sec-2018-23.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9263

CVE-2018-9264: ADB dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14

References:

https://www.wireshark.org/security/wnpa-sec-2018-16.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9264

CVE-2018-9267: Memory leaks in multiple dissectors

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14

https://www.wireshark.org/security/wnpa-sec-2018-24.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9267

CVE-2018-9259: MP4 dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14

References:

https://www.wireshark.org/security/wnpa-sec-2018-15.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9259

(from redmine: issue id 8822, created on 2018-04-20, closed on 2018-05-02)

Relations:
- copied_to #8821 (closed)
- parent #8821 (closed)
Changesets:
- Revision 82f356f8 on 2018-04-30T19:34:48Z:

community/wireshark: security upgrade to 2.4.6

CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9260,
CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264,
CVE-2018-9267, CVE-2018-10194

Fixes #8822

**CVE-2018-9256**: LWAPP dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13  
Fixed versions: 2.4.6, 2.2.14

### References:

https://www.wireshark.org/security/wnpa-sec-2018-20.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9256?cpeVersion=2.2

**CVE-2018-9257**: CQL infinite loop

Affected versions: 2.4.0 to 2.4.5  
Fixed versions: 2.4.6

### References:

https://www.wireshark.org/security/wnpa-sec-2018-22.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9257

**CVE-2018-9258**: TCP dissector crash

Affected versions: 2.4.0 to 2.4.5  
Fixed versions: 2.4.6

### References:

https://www.wireshark.org/security/wnpa-sec-2018-21.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9258

**CVE-2018-9260**: IEEE 802.15.4 dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13  
Fixed versions: 2.4.6, 2.2.14

### References:

https://www.wireshark.org/security/wnpa-sec-2018-17.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9260

**CVE-2018-9261**: NBAP dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13  
Fixed versions: 2.4.6, 2.2.14

### References:

https://www.wireshark.org/security/wnpa-sec-2018-18.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9261

**CVE-2018-9262**: VLAN dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13  
Fixed versions: 2.4.6, 2.2.14

### References:

https://www.wireshark.org/security/wnpa-sec-2018-19.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9262

**CVE-2018-9263**: Kerberos dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13  
Fixed versions: 2.4.6, 2.2.14

### References:

https://www.wireshark.org/security/wnpa-sec-2018-23.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9263

**CVE-2018-9264**: ADB dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13  
Fixed versions: 2.4.6, 2.2.14

### References:

https://www.wireshark.org/security/wnpa-sec-2018-16.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9264

**CVE-2018-9267**: Memory leaks in multiple dissectors

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13  
Fixed versions: 2.4.6, 2.2.14

https://www.wireshark.org/security/wnpa-sec-2018-24.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9267

**CVE-2018-9259**: MP4 dissector crash

Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13  
Fixed versions: 2.4.6, 2.2.14

### References:

https://www.wireshark.org/security/wnpa-sec-2018-15.html  
https://nvd.nist.gov/vuln/detail/CVE-2018-9259

*(from redmine: issue id 8822, created on 2018-04-20, closed on 2018-05-02)*

* Relations:
  * copied_to #8821
  * parent #8821
* Changesets:
  * Revision 82f356f8c4189cfb0802954a2e20f09baf6a49a0 on 2018-04-30T19:34:48Z:

```
community/wireshark: security upgrade to 2.4.6

CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9260,
CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264,
CVE-2018-9267, CVE-2018-10194

Fixes #8822
```

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.