PT-2018-2538 · Wireshark+2 · Wireshark+2

Published

2018-04-03

Updated

2024-06-15

CVE-2018-19623

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wireshark versions 2.4.0 through 2.4.10 Wireshark versions 2.6.0 through 2.6.4

Description The issue is related to errors in handling input data in the LBMPDM dissector of the Wireshark network traffic analyzer. Exploitation of this issue could allow a remote attacker to cause a denial of service using a specially crafted packet or packet capture file. Additionally, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory.

Recommendations For Wireshark versions 2.4.0 through 2.4.10, update to a version where the LBMPDM dissector issue is addressed. For Wireshark versions 2.6.0 through 2.6.4, update to a version where the LBMPDM dissector issue is addressed. As a temporary workaround, consider disabling the LBMPDM dissector until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189CWE-787

Related Identifiers

ALT-PU-2018-1549

ALT-PU-2018-2763

BDU:2019-00923

CVE-2018-19623

DLA-1634-1

DSA-4359-1

OPENSUSE-SU-2018_4307-1

OPENSUSE-SU-2020:0362-1

OPENSUSE-SU-2020_0362-1

OPENSUSE-SU-2024:11513-1

SUSE-SU-2018:4295-1

SUSE-SU-2018:4298-1

SUSE-SU-2020:0693-1

Affected Products

Alt Linux

Suse

Wireshark

PT-2018-2538 · Wireshark+2 · Wireshark+2

CVE-2018-19623

Weakness Enumeration

Related Identifiers

Affected Products

References · 466