PT-2018-2540 · Wireshark+2

Published: 2018-10-09 · Updated: 2024-06-15 · CVE-2018-18225

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Wireshark versions 2.6.0 through 2.6.3

Description

The CoAP dissector in Wireshark could crash because the piv length was computed incorrectly. A remote attacker could use this to cause a denial of service. The underlying weakness is incorrect checking of the volume of submitted data.

Recommendations

For Wireshark versions 2.6.0 through 2.6.3, update the epan/dissectors/packet-coap.c file so that the piv length is computed correctly, as addressed in the fix.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2487
BDU:2019-00925
CVE-2018-18225
DSA-4359-1
OPENSUSE-SU-2020:0362-1
OPENSUSE-SU-2020_0362-1
OPENSUSE-SU-2024:11513-1
SUSE-SU-2020:0693-1

Affected Products

Alt Linux
Suse
Wireshark