SB2018080404 - OpenSUSE Linux update for wireshark

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018080404

SB2018080404 - OpenSUSE Linux update for wireshark

Published: August 4, 2018

Security Bulletin ID SB2018080404
Severity
Medium
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 89% Low 11%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2018-14339)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, trigger infinite loop and cause the MMSE dissector to crash.


2) Improper input validation (CVE-ID: CVE-2018-14340)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the dissectors that support zlib decompression to crash.


3) Infinite loop (CVE-ID: CVE-2018-14341)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the DICOM dissector to crash.


4) Resource exhaustion (CVE-ID: CVE-2018-14342)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file,  consume excessive CPU resources and cause the BGP dissector to crash.


5) Improper input validation (CVE-ID: CVE-2018-14343)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ASN.1 BER dissector to crash.


6) Improper input validation (CVE-ID: CVE-2018-14344)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the ISMP dissector to crash.


7) Infinite loop (CVE-ID: CVE-2018-14368)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an infinite loop when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file, consume excessive CPU resources and cause the Bazaar protocol dissector to crash.


8) Improper input validation (CVE-ID: CVE-2018-14369)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw when handling malicious input. A remote attacker can inject a malformed packet onto the wire or trick the victim into reading a malformed packet trace file and cause the HTTP2 protocol dissector to crash.


9) Infinite loop (CVE-ID: CVE-2018-7325)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validating of a length field. A remote attacker can trigger an infinite loop in epan/dissectors/packet-rpki-rtr.c and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References