[3.9] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)
CVE-2018-14339: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-38.html
CVE-2018-14340: Multiple dissectors could crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-36.html
CVE-2018-14341: DICOM dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-39.html
CVE-2018-14342: BGP dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-34.html
CVE-2018-14343: ASN.1 BER and related dissectors crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-37.html
CVE-2018-14344: ISMP dissector crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-35.html
CVE-2018-14367: CoAP dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-42.html
CVE-2018-14368: Bazaar dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-40.html
CVE-2018-14369: HTTP2 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-41.html
CVE-2018-14370: IEEE 802.11 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
Reference:
https://www.wireshark.org/security/wnpa-sec-2018-43.html
(from redmine: issue id 9158, created on 2018-07-30, closed on 2018-07-31)
- Relations:
- copied_to #9157 (closed)
- parent #9157 (closed)