PT-2018-12514 · Wireshark+1 · Wireshark+1

Published

2018-07-20

Updated

2018-09-17

CVE-2018-14438

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Wireshark versions prior to 2.6.3

Description The issue arises from the create app running mutex function in wsutil/file util.c, which calls SetSecurityDescriptorDacl to set a NULL DACL. This allows attackers to modify the access control arbitrarily.

Recommendations For Wireshark versions prior to 2.6.3, update to version 2.6.3 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-2268

CVE-2018-14438

Affected Products

Alt Linux

Wireshark

PT-2018-12514 · Wireshark+1 · Wireshark+1

CVE-2018-14438

Weakness Enumeration

Related Identifiers

Affected Products

References · 13