Denial of service vulnerabilities in Wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2018-14342 CVE-2018-14344 CVE-2018-14340 CVE-2018-14343 CVE-2018-14339 CVE-2018-14341 CVE-2018-14368 CVE-2018-14369 CVE-2018-14367 CVE-2018-14370 |
| CWE-ID | CWE-400 CWE-20 CWE-835 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Wireshark.org |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU14106
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14342
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the BGP dissector to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8, 2.2.16
Vulnerable software versionsWireshark: 2.2.0 - 2.6.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.6.1:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-34.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU14107
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14344
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ISMP dissector to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8, 2.2.16
Vulnerable software versionsWireshark: 2.2.0 - 2.6.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.6.1:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-35.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU14108
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14340
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the dissectors that support zlib decompression to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8, 2.2.16
Vulnerable software versionsWireshark: 2.2.0 - 2.6.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.6.1:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-36.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU14109
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14343
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ASN.1 BER dissector to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8, 2.2.16
Vulnerable software versionsWireshark: 2.2.0 - 2.6.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.6.1:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-37.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Infinite loop
EUVDB-ID: #VU14110
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14339
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, trigger infinite loop and cause the MMSE dissector to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8, 2.2.16
Vulnerable software versionsWireshark: 2.2.0 - 2.6.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.6.1:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-38.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Infinite loop
EUVDB-ID: #VU14111
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14341
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the DICOM dissector to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8, 2.2.16
Vulnerable software versionsWireshark: 2.2.0 - 2.6.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.6.1:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Infinite loop
EUVDB-ID: #VU14112
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14368
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the Bazaar protocol dissector to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8, 2.2.16
Vulnerable software versionsWireshark: 2.2.0 - 2.6.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.6.1:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-40.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU14113
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14369
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the HTTP2 protocol dissector to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8, 2.2.16
Vulnerable software versionsWireshark: 2.2.0 - 2.6.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.6.1:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-41.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper input validation
EUVDB-ID: #VU14114
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14367
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the CoAP protocol dissector to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8, 2.2.16
Vulnerable software versionsWireshark: 2.2.0 - 2.6.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.6.1:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-42.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU14115
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-14370
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the IEEE 802.11 protocol dissector to crash.
Mitigation
The vulnerability is addressed in the versions 2.6.2, 2.4.8.
Wireshark: 2.2.0 - 2.4.7
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:2.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:2.4.7:*:*:*:*:*:*:*
https://www.wireshark.org/security/wnpa-sec-2018-43.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
