Package wireshark updated to version 2.4.4-alt1.S1 for branch sisyphus in task 198212.

Published: 2018-01-12
Modified: 2024-11-21

CVE-2018-5334

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-01-12
Modified: 2024-11-21

CVE-2018-5335

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2018-01-12
Modified: 2024-11-21

CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.0

Package wireshark update in sisyphus on 2018-01-17

ALT-PU-2018-1050-1

Closed vulnerabilities

CVE-2018-5334

CVE-2018-5335

CVE-2018-5336