Debian Wireshark vulnerabilities

CVE-2018-19623 [HIGH] CVE-2018-19623: wireshark - In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could cras... In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. Scope: local bookworm: resolved (fixed in 2.6.5-1) bullseye: resolved (fix

CVE-2018-11360 [HIGH] CVE-2018-11360: wireshark - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissecto... In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. Scope: local bookworm: resolved (fixed in 2.6.1-1) bullseye: resolved (fixed in 2.6.1-1) forky: resolved (fixed in 2.6.1-1) sid: resolved (fixed in 2.6.

CVE-2018-7419 [HIGH] CVE-2018-7419: wireshark - In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash.... In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. Scope: local bookworm: resolved (fixed in 2.4.5-1) bullseye: resolved (fixed in 2.4.5-1) forky: resolved (fixed in 2.4.5-1) sid: resolved (fixed in 2.4.5-1) trixie: resolved (fixed in 2.4.5-1)

CVE-2018-14370 [HIGH] CVE-2018-14370: wireshark - In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissect... In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. Scope: local bookworm: resolved (fixed in 2.6.2-1) bullseye: resolved (fixed in 2.6.2-1) forky: resolved (fixed in 2.6.2-1) sid: resolved (fixed in 2.6.2-1) trixie: resolve

CVE-2018-12086 [HIGH] CVE-2018-12086: wireshark - Buffer overflow in OPC UA applications allows remote attackers to trigger a stac... Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. Scope: local bookworm: resolved (fixed in 2.6.4-1) bullseye: resolved (fixed in 2.6.4-1) forky: resolved (fixed in 2.6.4-1) sid: resolved (fixed in 2.6.4-1) trixie: resolved (fixed in 2.6.4-1)

CVE-2018-5336 [HIGH] CVE-2018-5336: wireshark - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and G... In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. Scope: local bookworm: resolved (fixed in 2.4.4-1) bullseye: resolved (fixed in 2.4.4-1) forky: resolved (fixed in 2.4.4-1) sid: resolved (fixed in 2.4.4-1) trixie: resolved (fixed in 2.4.4-

CVE-2018-11359 [HIGH] CVE-2018-11359: wireshark - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and o... In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. Scope: local bookworm: resolved (fixed in 2.6.1-1) bullseye: resolved (fixed in 2.6.1-1) forky: resolved (fixed in 2.6.1-1) sid: resolved (fixed in 2.6.1-1) trixie: resolved (fixed i

CVE-2018-14368 [HIGH] CVE-2018-14368: wireshark - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar pro... In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. Scope: local bookworm: resolved (fixed in 2.6.2-1) bullseye: resolved (fixed in 2.6.2-1) forky: resolved (fixed in 2.6.2-1) sid: resolved (fi

CVE-2018-11358 [HIGH] CVE-2018-11358: wireshark - In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector cou... In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. Scope: local bookworm: resolved (fixed in 2.6.1-1) bullseye: resolved (fixed in 2.6.1-1) forky: resolved (fixed in 2.6.1-1) sid: resolved (fixe

CVE-2018-19622 [HIGH] CVE-2018-19622: wireshark - In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go int... In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. Scope: local bookworm: resolved (fixed in 2.6.5-1) bullseye: resolved (fixed in 2.6.5-1) forky: resolved (fixed in 2.6.5-1) sid: resolved (fixed in 2.6.5-1) trixie: resolved (fixed i

CVE-2018-18227 [HIGH] CVE-2018-18227: wireshark - In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector co... In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. Scope: local bookworm: resolved (fixed in 2.6.4-1) bullseye: resolved (fixed in 2.6.4-1) forky: resolved (fixed in 2.6.4-1) sid: resolved (fixed in 2.6.4-1) trixie: resolved (fixed

CVE-2018-7320 [HIGH] CVE-2018-7320: wireshark - In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector ... In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. Scope: local bookworm: resolved (fixed in 2.4.5-1) bullseye: resolved (fixed in 2.4.5-1) forky: resolved (fixed in 2.4.5-1) sid: resolved (fixed in 2.4.5-1) trixie: resolved (fixed in 2.4.5

CVE-2018-19624 [MEDIUM] CVE-2018-19624: wireshark - In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash.... In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. Scope: local bookworm: resolved (fixed in 2.6.5-1) bullseye: resolved (fixed in 2.6.5-1) forky: resolved (fixed in 2.6.5-1) sid: resolved (fixed in 2.6.5-1) trixie: resolved (fixed in 2.6.

CVE-2018-19625 [MEDIUM] CVE-2018-19625: wireshark - In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could cra... In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. Scope: local bookworm: resolved (fixed in 2.6.5-1) bullseye: resolved (fixed in 2.6.5-1) forky: resolved (fixed in 2.6.5-1) sid: resolved (fixed in 2.6.5-1) trixie: resolved (fixed in 2.6.5

CVE-2018-5335 [MEDIUM] CVE-2018-5335: wireshark - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. ... In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. Scope: local bookworm: resolved (fixed in 2.4.4-1) bullseye: resolved (fixed in 2.4.4-1) forky: resolved (fixed in 2.4.4-1) sid: resolved (fixed in 2.4.4-1) trixie: resolved (fixed in 2.4.4-1)

CVE-2018-19626 [MEDIUM] CVE-2018-19626: wireshark - In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash.... In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. Scope: local bookworm: resolved (fixed in 2.6.5-1) bullseye: resolved (fixed in 2.6.5-1) forky: resolved (fixed in 2.6.5-1) sid: resolved (fixed in 2.6.5-1) trixie: resolved (fixed in 2.6.5-1)

CVE-2018-5334 [MEDIUM] CVE-2018-5334: wireshark - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser coul... In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. Scope: local bookworm: resolved (fixed in 2.4.4-1) bullseye: resolved (fixed in 2.4.4-1) forky: resolved (fixed in 2.4.4-1) sid: resolved (fixed in 2.4.4-1) trixie: resolved (fixed in 2.4.

CVE-2018-7336 [HIGH] CVE-2018-7336: wireshark - In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector coul... In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. Scope: local bookworm: resolved (fixed in 2.4.5-1) bullseye: resolved (fixed in 2.4.5-1) forky: resolved (fixed in 2.4.5-1) sid: resolved (fixed in 2.4.5-1) trixie: resolved (fixed in 2.4.5-1)

CVE-2018-7322 [HIGH] CVE-2018-7322: wireshark - In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c ha... In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. Scope: local bookworm: resolved (fixed in 2.4.5-1) bullseye: resolved (fixed in 2.4.5-1) forky: resolved (fixed in 2.4.5-1) sid: resolved (fixed in 2.4.5-1) trixie: resolved (fixed in 2.4.5-1)

CVE-2018-16057 [HIGH] CVE-2018-16057: wireshark - In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap d... In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. Scope: local bookworm: resolved (fixed in 2.6.3-1) bullseye: resolved (fixed in 2.6.3-1) forky: resolved (fixed in 2.6.3-1) sid: resolved (fixed in 2.6.3-1) t