CVE-2018-5335

CVE-2018-5335

Name

CVE-2018-5335

Description

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.wireshark.org/security/wnpa-sec-2018-04.html
Patch	https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07
Issue Tracking	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251
Third Party Advisory	http://www.securityfocus.com/bid/102500
Third Party Advisory	https://www.debian.org/security/2018/dsa-4101
Mailing List	https://lists.debian.org/debian-lts-announce/2018/01/msg00032.html

Type

URI

Vendor Advisory

https://www.wireshark.org/security/wnpa-sec-2018-04.html

Patch

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07

Issue Tracking

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251

Third Party Advisory

http://www.securityfocus.com/bid/102500

Third Party Advisory

https://www.debian.org/security/2018/dsa-4101

Mailing List

https://lists.debian.org/debian-lts-announce/2018/01/msg00032.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:wireshark:wireshark::::::::`	wireshark	>= 2.2.0	<= 2.2.11
`cpe:2.3:a:wireshark:wireshark::::::::`	wireshark	>= 2.4.0	<= 2.4.3

CPE URI

Source package

Min version

Max version

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

wireshark

>= 2.2.0

<= 2.2.11

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

wireshark

>= 2.4.0

<= 2.4.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
wireshark	edge-community	2.4.4-r0	None	fixed
wireshark	edge-community	2.4.3-r0	None	possibly vulnerable
wireshark	edge-community	2.2.10-r0	None	possibly vulnerable
wireshark	edge-community	2.2.9-r0	None	possibly vulnerable
wireshark	edge-community	2.2.8-r0	None	possibly vulnerable
wireshark	edge-community	2.2.7-r0	None	possibly vulnerable
wireshark	edge-community	2.2.6-r0	None	possibly vulnerable
wireshark	edge-community	2.2.5-r0	None	possibly vulnerable
wireshark	edge-community	2.2.4-r1	None	possibly vulnerable
wireshark	3.22-community	2.4.4-r0	None	fixed
wireshark	3.22-community	2.4.3-r0	None	possibly vulnerable
wireshark	3.22-community	2.2.10-r0	None	possibly vulnerable
wireshark	3.22-community	2.2.9-r0	None	possibly vulnerable
wireshark	3.22-community	2.2.8-r0	None	possibly vulnerable
wireshark	3.22-community	2.2.7-r0	None	possibly vulnerable
wireshark	3.22-community	2.2.6-r0	None	possibly vulnerable
wireshark	3.22-community	2.2.5-r0	None	possibly vulnerable
wireshark	3.22-community	2.2.4-r1	None	possibly vulnerable
wireshark	3.21-community	2.4.4-r0	None	fixed
wireshark	3.20-community	2.4.4-r0	None	fixed
wireshark	3.19-community	2.4.4-r0	None	fixed
wireshark	3.18-community	2.4.4-r0	None	fixed
wireshark	3.17-community	2.4.4-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

wireshark

edge-community

2.4.4-r0

None

fixed

wireshark

edge-community