Debian Wireshark vulnerabilities
694 known vulnerabilities affecting debian/wireshark.
Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281
Vulnerabilities
Page 8 of 35
CVE-2018-7334 [HIGH] CVSS 7.5, fixed in wireshark 2.4.5-1 (bookworm), 2018
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.
Scope: local
bookworm: resolved (fixed in 2.4.5-1)
bullseye: resolved (fixed in 2.4.5-1)
forky: resolved (fixed in 2.4.5-1)
sid: resolved (fixed in 2.4.5-1)
trixie: resolved (fixed in 2.4.
debian
CVE-2018-19627 [HIGH] CVSS 7.5, PoC, fixed in wireshark 2.6.5-1 (bookworm), 2018
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
Scope: local
bookworm: resolved (fixed in 2.6.5-1)
bullseye: resolved (fixed in 2.6.5-1)
forky: resolved (fixed in 2.6.5-1)
sid: resolved (fixed in 2.6.5-1)
trixie: resolved (fixed in 2.6.5-1)
debian
CVE-2018-9274 [HIGH] CVSS 7.5, fixed in wireshark 2.4.6-1 (bookworm), 2018
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.
Scope: local
bookworm: resolved (fixed in 2.4.6-1)
bullseye: resolved (fixed in 2.4.6-1)
forky: resolved (fixed in 2.4.6-1)
sid: resolved (fixed in 2.4.6-1)
trixie: resolved (fixed in 2.4.6-1)
debian
CVE-2018-9266 [HIGH] CVSS 7.5, fixed in wireshark 2.4.6-1 (bookworm), 2018
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.
Scope: local
bookworm: resolved (fixed in 2.4.6-1)
bullseye: resolved (fixed in 2.4.6-1)
forky: resolved (fixed in 2.4.6-1)
sid: resolved (fixed in 2.4.6-1)
trixie: resolved (fixed in 2.4.6-1)
debian
CVE-2018-9273 [HIGH] CVSS 7.5, fixed in wireshark 2.4.6-1 (bookworm), 2018
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
Scope: local
bookworm: resolved (fixed in 2.4.6-1)
bullseye: resolved (fixed in 2.4.6-1)
forky: resolved (fixed in 2.4.6-1)
sid: resolved (fixed in 2.4.6-1)
trixie: resolved (fixed in 2.4.6-1)
debian
CVE-2018-14341 [HIGH] CVSS 7.5, fixed in wireshark 2.6.2-1 (bookworm), 2018
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fixed in 2.6.2-1)
forky: resolved (fixed in 2.6.2-1)
sid: resolved (fixed in 2.6.2-1
debian
CVE-2018-11356 [HIGH] CVSS 7.5, fixed in wireshark 2.6.1-1 (bookworm), 2018
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
Scope: local
bookworm: resolved (fixed in 2.6.1-1)
bullseye: resolved (fixed in 2.6.1-1)
forky: resolved (fixed in 2.6.1-1)
sid: resolved (fixed in 2.6.
debian
CVE-2018-7335 [HIGH] CVSS 7.5, fixed in wireshark 2.4.5-1 (bookworm), 2018
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.
Scope: local
bookworm: resolved (fixed in 2.4.5-1)
bullseye: resolved (fixed in 2.4.5-1)
forky: resolved (fixed in 2.4.5-1)
sid: resolved (fixed in 2.4.5-1)
trixie: resolved (fixed in 2.4.5-1)
debian
CVE-2018-9264 [HIGH] CVSS 7.5, fixed in wireshark 2.4.6-1 (bookworm), 2018
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
Scope: local
bookworm: resolved (fixed in 2.4.6-1)
bullseye: resolved (fixed in 2.4.6-1)
forky: resolved (fixed in 2.4.6-1)
sid: resolved (fixed in 2.4.6-1)
trixie
debian
CVE-2018-11357 [HIGH] CVSS 7.5, fixed in wireshark 2.6.1-1 (bookworm), 2018
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
Scope: local
bookworm: resolved (fixed in 2.6.1-1)
bullseye: resolved (fixed in 2.6.1-1)
forky: resolved (fixed in 2.6.1-1)
sid: resolved (fixed in 2.6.1-1)
trixie: resolv
debian
CVE-2018-14344 [HIGH] CVSS 7.5, fixed in wireshark 2.6.2-1 (bookworm), 2018
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fixed in 2.6.2-1)
forky: resolved (fixed in 2.6.2-1)
sid: resolved (fixed in 2.
debian
CVE-2018-11361 [HIGH] CVSS 7.5, fixed in wireshark 2.6.1-1 (bookworm), 2018
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
Scope: local
bookworm: resolved (fixed in 2.6.1-1)
bullseye: resolved (fixed in 2.6.1-1)
forky: resolved (fixed in 2.6.1-1)
sid: resolved (fixed in 2.6.1-1)
trixie: res
debian
CVE-2018-14369 [HIGH] CVSS 7.5, fixed in wireshark 2.6.2-1 (bookworm), 2018
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fixed in 2.6.2-1)
forky: resolved (fixed in 2.6.2-1)
sid: re
debian
CVE-2018-14340 [HIGH] CVSS 7.5, fixed in wireshark 2.6.2-1 (bookworm), 2018
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fixed in 2.6.2-1)
forky: resolved (fixed in 2.6.2-1)
sid: resolved (fixed
debian
CVE-2018-9261 [HIGH] CVSS 7.5, fixed in wireshark 2.4.6-1 (bookworm), 2018
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
Scope: local
bookworm: resolved (fixed in 2.4.6-1)
bullseye: resolved (fixed in 2.4.6-1)
forky: resolved (fixed in 2.4.6-1)
sid:
debian
CVE-2018-14343 [HIGH] CVSS 7.5, fixed in wireshark 2.6.2-1 (bookworm), 2018
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fixed in 2.6.2-1)
forky: resolved (fixed in 2.6.2-1)
sid: resolved (
debian
CVE-2018-11362 [HIGH] CVSS 7.5, fixed in wireshark 2.6.1-1 (bookworm), 2018
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
Scope: local
bookworm: resolved (fixed in 2.6.1-1)
bullseye: resolved (fixed in 2.6.1-1)
forky: resolved (fixed in 2.6.1-1)
sid: resolved (fixed in 2.
debian
CVE-2018-14342 [HIGH] CVSS 7.5, fixed in wireshark 2.6.2-1 (bookworm), 2018
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fixed in 2.6.2-1)
forky: resolved (fixed in 2.6.2-1)
sid: resolved (fixed in 2.6.2-1)
debian
CVE-2018-14339 [HIGH] CVSS 7.5, fixed in wireshark 2.6.2-1 (bookworm), 2018
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fixed in 2.6.2-1)
forky: resolved (fixed in 2.6.2-1)
sid: resolved (fixed in 2.6.2-1)
trixie: resolved
debian
CVE-2018-18226 [HIGH] CVSS 7.5, fixed in wireshark 2.6.4-1 (bookworm), 2018
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.
Scope: local
bookworm: resolved (fixed in 2.6.4-1)
bullseye: resolved (fixed in 2.6.4-1)
forky: resolved (fixed in 2.6.4-1)
sid: resolved (fixed in 2.6.4-1)
trixie
debian