7.8
CVE-2018-14341
- EPSS 3.67%
- Veröffentlicht 19.07.2018 02:29:00
- Zuletzt bearbeitet 21.11.2024 03:48:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.67% | 0.882 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
http://www.securityfocus.com/bid/104847
http://www.securitytracker.com/id/1041608
https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2e716c32be6aa20e1813b0002878853e71f8b2f4
https://www.wireshark.org/security/wnpa-sec-2018-39.html