7.5

CVE-2018-11357

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version >= 2.2.0 <= 2.2.14
WiresharkWireshark Version >= 2.4.0 <= 2.4.6
WiresharkWireshark Version2.6.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.88% 0.851
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
http://www.securityfocus.com/bid/104308
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041036
Third Party Advisory
VDB Entry
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678
Vendor Advisory
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=ab8a33ef083b9732c89117747a83a905a676faf6
https://www.wireshark.org/security/wnpa-sec-2018-28.html
Vendor Advisory