SB2018040410 - Denial of service in Wireshark
Published: April 4, 2018 Updated: May 15, 2018
Security Bulletin ID
SB2018040410
Severity
Medium
Patch available
YES
Number of vulnerabilities
27
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 27 secuirty vulnerabilities.
1) Improper resource shutdown (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system..The weakness exists due to resource shutdown. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file and cause the MP4 dissector to crash.
2) Improper resource shutdown (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system..The weakness exists due to resource shutdown. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file and cause the ADB dissector to crash.
3) Improper resource shutdown (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system..The weakness exists due to resource shutdown. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file and cause the IEEE 802.15.4 dissector to crash.
4) Improper resource shutdown (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system..The weakness exists due to resource shutdown. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file and cause the NBAP dissector to crash.
5) Improper resource shutdown (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system..The weakness exists due to resource shutdown. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file and cause the VLAN dissector to crash.
6) Improper resource shutdown (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system..The weakness exists due to resource shutdown. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file and cause the LWAPP dissector to crash.
7) Improper resource shutdown (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system..The weakness exists due to resource shutdown. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file and cause the TCP dissector to crash.
8) Infinite loop (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system..The weakness exists due to infinite loop. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file, consume excessive CPU resources and cause the CQL dissector to crash.
9) Improper resource shutdown (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system..The weakness exists due to resource shutdown. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file and cause the Kerberos dissector to crash.
10) Memory leak (CVE-ID: N/A)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to memory leak. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a specially crafted packet trace file, trigger memory corruption and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223 and PCP dissectors to crash.
11) Memory leak (CVE-ID: CVE-2018-9274)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in ui/failure_message.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
12) Memory leak (CVE-ID: CVE-2018-9273)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-pcp.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
13) Memory leak (CVE-ID: CVE-2018-9272)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-h223.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
14) Memory leak (CVE-ID: CVE-2018-9271)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-multipart.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
15) Memory leak (CVE-ID: CVE-2018-9270)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/oids.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
16) Memory leak (CVE-ID: CVE-2018-9269)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-giop.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
17) Memory leak (CVE-ID: CVE-2018-9268)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-smb2.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
18) Memory leak (CVE-ID: CVE-2018-9267)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-lapd.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
19) Memory leak (CVE-ID: CVE-2018-9266)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-isup.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
20) Memory leak (CVE-ID: CVE-2018-9265)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-tn3270.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP dissectors to crash.
21) Heap-based buffer overflow (CVE-ID: CVE-2018-9264)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-adb.c due to checking for a length inconsistency. A remote attacker can trick the victim into opening a specially crafted packet trace file, trigger heap-based buffer overflow and cause the ADB dissector to crash.
22) Incorrect calculation (CVE-ID: CVE-2018-9263)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-kerberos.c due to ensuring a nonzero key length. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the Kerberos dissector to crash.
23) Uncontrolled recursion (CVE-ID: CVE-2018-9262)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-vlan.c due to limiting VLAN tag nesting to restrict the recursion depth. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the VLAN dissector to crash.
24) Heap-based buffer overflow (CVE-ID: CVE-2018-9261)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-nbap.c due to prohibiting the self-linking of DCH-IDs. A remote attacker can trick the victim into opening a specially crafted packet trace file, trigger infinite loop and heap-based buffer overflow and cause the NBAP dissector to crash.
25) Uncontrolled memory allocation (CVE-ID: CVE-2018-9260)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-ieee802154.c due to ensuring that an allocation step occurs. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the IEEE 802.15.4 dissector to crash.
26) Uncontrolled recursion (CVE-ID: CVE-2018-9259)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/file-mp4.c due to restricting the box recursion depth. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the MP4 dissector to crash.
27) Insufficient encapsulation (CVE-ID: CVE-2018-9256)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in epan/dissectors/packet-lwapp.c due to limiting the encapsulation levels to restrict the recursion depth. A remote attacker can trick the victim into opening a specially crafted packet trace file and cause the LWAPP dissector to crash.
Remediation
Install update from vendor's website.
References
- https://www.wireshark.org/security/wnpa-sec-2018-15.html
- https://www.wireshark.org/security/wnpa-sec-2018-16.html
- https://www.wireshark.org/security/wnpa-sec-2018-17.html
- https://www.wireshark.org/security/wnpa-sec-2018-18.html
- https://www.wireshark.org/security/wnpa-sec-2018-19.html
- https://www.wireshark.org/security/wnpa-sec-2018-20.html
- https://www.wireshark.org/security/wnpa-sec-2018-21.html
- https://www.wireshark.org/security/wnpa-sec-2018-22.html
- https://www.wireshark.org/security/wnpa-sec-2018-23.html
- https://www.wireshark.org/security/wnpa-sec-2018-24.html