CVE-2018-14438

Published: Jul 20, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

Affected (1)

Products: Wireshark: Wireshark

Wireshark

1 product

Wireshark

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Up to 2.6.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/104876

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14921

Source: cve@mitre.org

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/104876

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14921

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.