CVE-2018-14339 — Improper Input Validation in Wireshark

CWE-20 — Improper Input Validation CWE-835 — Infinite Loop8 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Debian Linux

Timeline

PublishedJul 19

Latest updateMay 13

Description

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.6.2-1 (bookworm)

▶Debianwireshark/wireshark< 2.6.2-1+3

▶NVDwireshark/wireshark2.2.0 — 2.2.15+2

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-54rw-q7wq-w688: In Wireshark 2↗2022-05-13

▶

OSV

CVE-2018-14339: In Wireshark 2↗2018-07-19

▶

📋Vendor Advisories

Red Hat

wireshark: MMSE dissector infinite loop (wnpa-sec-2018-38)↗2018-07-18

▶

Debian

CVE-2018-14339: wireshark - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE disse...↗2018

▶

💬Community

Bugzilla

CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 wireshark: various flaws [fedora-all]↗2018-07-23

▶

Bugzilla

CVE-2018-14339 wireshark: MMSE dissector infinite loop (wnpa-sec-2018-38)↗2018-07-23

▶

Bugzilla

CVE-2018-7334 wireshark: out of bounds access in UMTS MAC dissector in packet-umts_mac.c↗2018-02-26

▶