PT-2018-10515 · Wireshark+2 · Wireshark+2

Peter Wu

Published

2018-04-03

Updated

2024-06-15

CVE-2018-11357

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wireshark versions 2.2.0 through 2.2.14 Wireshark versions 2.4.0 through 2.4.6 Wireshark version 2.6.0

Description The issue concerns excessive memory consumption by the LTP dissector and other dissectors in Wireshark. This was resolved by rejecting negative lengths in epan/tvbuff.c.

Recommendations For Wireshark versions 2.2.0 through 2.2.14, update to a version that includes the fix in epan/tvbuff.c to prevent excessive memory consumption. For Wireshark versions 2.4.0 through 2.4.6, update to a version that includes the fix in epan/tvbuff.c to prevent excessive memory consumption. For Wireshark version 2.6.0, update to a version that includes the fix in epan/tvbuff.c to prevent excessive memory consumption.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-1549

ALT-PU-2018-1794

ALT-PU-2018-2487

CVE-2018-11357

DLA-1634-1

MGASA-2018-0266

OPENSUSE-SU-2018_1428-1

OPENSUSE-SU-2020:0362-1

OPENSUSE-SU-2020_0362-1

OPENSUSE-SU-2024:11513-1

SUSE-SU-2018:1988-1

SUSE-SU-2018:2412-1

SUSE-SU-2018:2891-1

SUSE-SU-2018:2891-2

SUSE-SU-2020:0693-1

Affected Products

Alt Linux

Suse

Wireshark

PT-2018-10515 · Wireshark+2 · Wireshark+2

CVE-2018-11357

Weakness Enumeration

Related Identifiers

Affected Products

References · 530