Debian Wireshark vulnerabilities

694 known vulnerabilities affecting debian/wireshark.

Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281

Vulnerabilities

CVE-2018-7331 | LOW | CVSS 7.5 | fixed in wireshark 2.4.5-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.4.5-1); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie: resolved (fixed in 2.4.5-1)
debian
CVE-2018-9257 | LOW | CVSS 7.5 | fixed in wireshark 2.4.6-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.
Scope: local. bookworm: resolved (fixed in 2.4.6-1); bullseye: resolved (fixed in 2.4.6-1); forky: resolved (fixed in 2.4.6-1); sid: resolved (fixed in 2.4.6-1); trixie: resolved (fixed in 2.4.6-1)
debian
CVE-2018-7327 | LOW | CVSS 7.5 | fixed in wireshark 2.4.5-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.4.5-1); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie: resolved (fixed in 2.4.5-1)
debian
CVE-2018-9263 | LOW | CVSS 7.5 | fixed in wireshark 2.4.6-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
Scope: local. bookworm: resolved (fixed in 2.4.6-1); bullseye: resolved (fixed in 2.4.6-1); forky: resolved (fixed in 2.4.6-1); sid: resolved (fixed in 2.4.6-1); trixie: resolved (fixed in 2.4.6-1)
debian
CVE-2018-9260 | LOW | CVSS 7.5 | fixed in wireshark 2.4.6-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.
Scope: local. bookworm: resolved (fixed in 2.4.6-1); bullseye: resolved (fixed in 2.4.6-1); forky: resolved (fixed in 2.4.6-1); sid: resolved (fixed in 2.4.6-1); trixie: resolved (f
debian
CVE-2018-7330 | LOW | CVSS 7.5 | fixed in wireshark 2.4.5-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.4.5-1); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie: resolved (fixed in 2.4.5-1)
debian
CVE-2018-16056 | LOW | CVSS 7.5 | fixed in wireshark 2.6.3-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.
Scope: local. bookworm: resolved (fixed in 2.6.3-1); bullseye: resolved (fixed in 2.6.3-1); forky: resolved (fixed in 2.6.3-1); sid: reso
debian
CVE-2018-7324 | LOW | CVSS 7.5 | fixed in wireshark 2.4.5-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.4.5-1); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie: resolved (fixed in 2.4.5-1)
debian
CVE-2018-6836 | LOW | CVSS 9.8 | 2018
[CRITICAL] wireshark - The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resol
debian
CVE-2018-7418 | LOW | CVSS 7.5 | fixed in wireshark 2.4.5-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.4.5-1); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie: resolved (fixe
debian
CVE-2018-7421 | LOW | CVSS 7.5 | fixed in wireshark 2.4.5-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.4.5-1); forky: resolved (fixed in 2.4.
debian
CVE-2018-9265 | LOW | CVSS 7.5 | fixed in wireshark 2.4.6-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
Scope: local. bookworm: resolved (fixed in 2.4.6-1); bullseye: resolved (fixed in 2.4.6-1); forky: resolved (fixed in 2.4.6-1); sid: resolved (fixed in 2.4.6-1); trixie: resolved (fixed in 2.4.6-1)
debian
CVE-2018-9259 | LOW | CVSS 7.5 | fixed in wireshark 2.4.6-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.
Scope: local. bookworm: resolved (fixed in 2.4.6-1); bullseye: resolved (fixed in 2.4.6-1); forky: resolved (fixed in 2.4.6-1); sid: resolved (fixed in 2.4.6-1); trixie: resolved (fixed in 2.4.6-1)
debian
CVE-2018-14438 | LOW | CVSS 7.5 | 2018
[HIGH] wireshark - In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2018-7329 | LOW | CVSS 7.5 | fixed in wireshark 2.4.5-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.4.5-1); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie: resolved (fixed in 2.4.5-1)
debian
CVE-2018-7417 | LOW | CVSS 7.5 | fixed in wireshark 2.4.5-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.4.5-1); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie:
debian
CVE-2018-7328 | LOW | CVSS 7.5 | fixed in wireshark 2.4.5-1 (bookworm) | 2018
[HIGH] wireshark - In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.4.5-1); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie: resolved (fixed in 2.4.5-1)
debian
CVE-2017-6467 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.5+g440fd4d-2 (bookworm) | 2017
[HIGH] wireshark - In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size.
Scope: local. bookworm: resolved (fixed in 2.2.5+g440fd4d-2); bullseye: resolved (fixed in 2.2.5+g440fd4d-2); forky: resolved (fixed in 2.2.5+g440fd4d
debian
CVE-2017-6473 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.5+g440fd4d-2 (bookworm) | 2017
[HIGH] wireshark - In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets.
Scope: local. bookworm: resolved (fixed in 2.2.5+g440fd4d-2); bullseye: resolved (fixed in 2.2.5+g440fd4d-2); forky: resolved (fixed in 2.2.5+g440fd4d-2
debian
CVE-2017-7745 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.6+g32dac6a-1 (bookworm) | 2017
[HIGH] wireshark - In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.
Scope: local. bookworm: resolved (fixed in 2.2.6+g32dac6a-1); bullseye: resolved (fixed in 2.2.6+g32dac6a-1); forky: re
debian