CVE-2018-5335

CVE-2018-5335

Name

CVE-2018-5335

Description

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.wireshark.org/security/wnpa-sec-2018-04.html
Patch	https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07
Issue Tracking	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251
Third Party Advisory	http://www.securityfocus.com/bid/102500
Third Party Advisory	https://www.debian.org/security/2018/dsa-4101
Mailing List	https://lists.debian.org/debian-lts-announce/2018/01/msg00032.html

Type

URI

Vendor Advisory

https://www.wireshark.org/security/wnpa-sec-2018-04.html

Patch

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07

Issue Tracking

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251

Third Party Advisory

http://www.securityfocus.com/bid/102500

Third Party Advisory

https://www.debian.org/security/2018/dsa-4101