Shodan
Vulnerabilities
Vulnerable Software
Wireshark:  >> Wireshark  >> 2.4.2  Security Vulnerabilities
CVE-2018-14438
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-07-20
CVE-2018-14339
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-07-19
CVE-2018-14340
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-07-19
CVE-2018-14341
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-07-19
CVE-2018-14342
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-07-19
CVE-2018-14343
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-07-19
CVE-2018-14344
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-07-19
CVE-2018-14367
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-07-19
CVE-2018-14368
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-07-19
CVE-2018-14369
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-07-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved