CyberSec.Space Logo
Back to CVE Browser

CVE-2018-14368

HIGH
7.5
CVSS Severity Score
EPSS Score0.1310%
EPSS Percentile39.04th
PublishedJul 19, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.

Affected Platforms (CPE)

πŸ“¦
Wireshark

Wireshark

>= 2.2.0 and <= 2.2.15
πŸ“¦
Wireshark

Wireshark

>= 2.4.0 and <= 2.4.7
πŸ“¦
Wireshark

Wireshark

>= 2.6.0 and <= 2.6.1
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
πŸ”— http://www.securityfocus.com/bid/104847
πŸ”— http://www.securitytracker.com/id/1041608
πŸ”— https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841
πŸ”— https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6c44312f465014eb409d766a9828b7f101f6251c
πŸ”— https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html
πŸ”— https://www.wireshark.org/security/wnpa-sec-2018-40.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html

Related Vulnerabilities

CVE-2007-611210.0

Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (cr...

CVE-2006-363210.0

Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly exe...

CVE-2006-362810.0

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of se...

CVE-2007-611410.0

Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of servi...