Kaspersky LabKLA11201KLA11201 Multiple vulnerabilities in Wireshark
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.3 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.2%
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.
Below is a complete list of vulnerabilities:
- An improper operand validation offsets in the SIGCOMP protocol dissector can be exploited remotely via malformed packet trace file to cause denial of service;
- Infinite loops in multiple dissectors can be exploited remotely via malformed packet to cause denial of service;
- An improper certain types of packets handling in the UMTS MAC dissector can be exploited remotely via malformed packet to cause denial of service;
- An improper certain types of packets handling in the IEEE 802.11 dissector can be exploited remotely via malformed packet to cause denial of service;
- An improper certain types of packets handling in the FCP protocol dissector can be exploited remotely via malformed packet to cause denial of service;
- An improper certain types of packets handling in the DOCSIS dissector can be exploited remotely via malformed packet to cause denial of service;
- An unspecified vulnerability in pcapng file parser can be exploited remotely via malformed packet to cause denial of service;
- An unspecified vulnerability in the IPMI dissector can be exploited remotely via malformed packet to cause denial of service;
- An unspecified vulnerability in the SIGCOMP dissector can be exploited remotely via malformed packet to cause denial of service;
- An unspecified vulnerability in the NBAP dissector can be exploited remotely via malformed packet to cause denial of service;
Original advisories
Related products
CVE list
CVE-2018-7324 warning
CVE-2018-7325 warning
CVE-2018-7326 warning
CVE-2018-7327 warning
CVE-2018-7328 warning
CVE-2018-7329 warning
CVE-2018-7330 warning
CVE-2018-7331 warning
CVE-2018-7332 warning
CVE-2018-7333 warning
CVE-2018-7334 warning
CVE-2018-7335 warning
CVE-2018-7336 warning
CVE-2018-7337 warning
CVE-2018-7320 warning
CVE-2018-7321 warning
CVE-2018-7322 warning
CVE-2018-7323 warning
Solution
Update to the latest version
Impacts
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- Wireshark 2.4.x earlier than 2.4.5Wireshark 2.2.x earlier than 2.2.13
References
statistics.securelist.com/
threats.kaspersky.com/en/product/Wireshark/
www.wireshark.org/security/wnpa-sec-2018-05.html
www.wireshark.org/security/wnpa-sec-2018-06.html
www.wireshark.org/security/wnpa-sec-2018-07.html
www.wireshark.org/security/wnpa-sec-2018-08.html
www.wireshark.org/security/wnpa-sec-2018-09.html
www.wireshark.org/security/wnpa-sec-2018-10.html
www.wireshark.org/security/wnpa-sec-2018-11.html
www.wireshark.org/security/wnpa-sec-2018-12.html
www.wireshark.org/security/wnpa-sec-2018-13.html
www.wireshark.org/security/wnpa-sec-2018-14.html
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.3 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.2%