rpm package
suse/wireshark&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (175)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-7420 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. | |
| CVE-2018-7419 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. | |
| CVE-2018-7418 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. | |
| CVE-2018-7417 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. | |
| CVE-2018-7337 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. | |
| CVE-2018-7336 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. | |
| CVE-2018-7335 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. | |
| CVE-2018-7334 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. | |
| CVE-2018-7333 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. | |
| CVE-2018-7332 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. | |
| CVE-2018-7331 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. | |
| CVE-2018-7330 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. | |
| CVE-2018-7329 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. | |
| CVE-2018-7328 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. | |
| CVE-2018-7327 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. | |
| CVE-2018-7326 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. | |
| CVE-2018-7325 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. | |
| CVE-2018-7324 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. | |
| CVE-2018-7323 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. | |
| CVE-2018-7322 | Hig | 7.5 | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. |
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.
- affected < 2.2.13-40.22.1fixed 2.2.13-40.22.1
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.
Page 3 of 9