CVE-2018-14339

Published: Jul 19, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

Affected (4)

Products: Wireshark: Wireshark · Debian: Debian Linux

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	From 2.2.0 to 2.2.15
Wireshark Wireshark	From 2.4.0 to 2.4.7
Wireshark Wireshark	From 2.6.0 to 2.6.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/104847

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041608

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14738

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=3b77c0a596a8071aebc1de71e3f79e5e15e919ca

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.wireshark.org/security/wnpa-sec-2018-38.html

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html