rpm package
suse/wireshark&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP1
pkg:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
Vulnerabilities (68)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-11361 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | May 22, 2018 | In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. | |
| CVE-2018-11360 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | May 22, 2018 | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. | |
| CVE-2018-11359 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | May 22, 2018 | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. | |
| CVE-2018-11358 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | May 22, 2018 | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. | |
| CVE-2018-11357 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | May 22, 2018 | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | |
| CVE-2018-11356 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | May 22, 2018 | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. | |
| CVE-2018-11355 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | May 22, 2018 | In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. | |
| CVE-2018-11354 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | May 22, 2018 | In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. |
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
Page 4 of 4