CVE-2018-7321

CVE-2018-7321

Name

CVE-2018-7321

Description

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.wireshark.org/security/wnpa-sec-2018-06.html
Patch	https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c784d551ad50864de1035ce54e72837301cf6aca
Issue Tracking	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14379
Third Party Advisory	http://www.securityfocus.com/bid/103158

Type

URI

Vendor Advisory

https://www.wireshark.org/security/wnpa-sec-2018-06.html

Patch

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c784d551ad50864de1035ce54e72837301cf6aca

Issue Tracking

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14379

Third Party Advisory

http://www.securityfocus.com/bid/103158

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:wireshark:wireshark::::::::`	wireshark	>= 2.2.0	<= 2.2.12
`cpe:2.3:a:wireshark:wireshark::::::::`	wireshark	>= 2.4.0	<= 2.4.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

wireshark

>= 2.2.0

<= 2.2.12

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

wireshark

>= 2.4.0

<= 2.4.4

References

Match rules

Vulnerable and fixed packages