CVE-2018-9258

Exploit

EPSS 0.69%
Veröffentlicht 04.04.2018 07:29:00
Zuletzt bearbeitet 21.11.2024 04:15:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version >= 2.4.0 <= 2.4.5

Debian ≫ Debian Linux Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.71

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14472

Vendor Advisory

Exploit

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2d4695de1477df60b0188fd581c0c279db601978

https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html

Third Party Advisory

Mailing List

https://www.wireshark.org/security/wnpa-sec-2018-21.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-9258

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-9258

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-9258

EUVD