CVE-2018-19627

CVE-2018-19627

Name

CVE-2018-19627

Description

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.wireshark.org/security/wnpa-sec-2018-55.html
Vendor Advisory	https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bdc33cfaecb1b4cf2c114ed9015713ddf8569a60
Exploit	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15279
Third Party Advisory	http://www.securityfocus.com/bid/106051
Exploit	https://www.exploit-db.com/exploits/45951/
Third Party Advisory	https://www.debian.org/security/2018/dsa-4359
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
N/A	https://www.oracle.com/security-alerts/cpuapr2020.html

Type

URI

Vendor Advisory

https://www.wireshark.org/security/wnpa-sec-2018-55.html

Vendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bdc33cfaecb1b4cf2c114ed9015713ddf8569a60

Exploit

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15279

Third Party Advisory

http://www.securityfocus.com/bid/106051

Exploit

https://www.exploit-db.com/exploits/45951/

Third Party Advisory

https://www.debian.org/security/2018/dsa-4359

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html

N/A

https://www.oracle.com/security-alerts/cpuapr2020.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:wireshark:wireshark::::::::`	wireshark	>= 2.4.0	<= 2.4.10
`cpe:2.3:a:wireshark:wireshark::::::::`	wireshark	>= 2.6.0	<= 2.6.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

wireshark

>= 2.4.0

<= 2.4.10

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

wireshark

>= 2.6.0

<= 2.6.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
wireshark	edge-community	2.6.5-r0	None	fixed
wireshark	edge-community	2.6.4-r0	None	possibly vulnerable
wireshark	edge-community	2.6.3-r0	None	possibly vulnerable
wireshark	edge-community	2.6.2-r0	None	possibly vulnerable
wireshark	edge-community	2.4.7-r0	None	possibly vulnerable
wireshark	edge-community	2.4.6-r0	None	possibly vulnerable
wireshark	edge-community	2.4.5-r0	None	possibly vulnerable
wireshark	edge-community	2.4.4-r0	None	possibly vulnerable
wireshark	edge-community	2.4.3-r0	None	possibly vulnerable
wireshark	3.22-community	2.6.5-r0	None	fixed
wireshark	3.22-community	2.6.4-r0	None	possibly vulnerable
wireshark	3.22-community	2.6.3-r0	None	possibly vulnerable
wireshark	3.22-community	2.6.2-r0	None	possibly vulnerable
wireshark	3.22-community	2.4.7-r0	None	possibly vulnerable
wireshark	3.22-community	2.4.6-r0	None	possibly vulnerable
wireshark	3.22-community	2.4.5-r0	None	possibly vulnerable
wireshark	3.22-community	2.4.4-r0	None	possibly vulnerable
wireshark	3.22-community	2.4.3-r0	None	possibly vulnerable
wireshark	3.21-community	2.6.5-r0	None	fixed
wireshark	3.20-community	2.6.5-r0	None	fixed
wireshark	3.19-community	2.6.5-r0	None	fixed
wireshark	3.18-community	2.6.5-r0	None	fixed
wireshark	3.17-community	2.6.5-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

wireshark

edge-community

2.6.5-r0

None

fixed

wireshark

edge-community