{"redhatcve": [{"lastseen": "2022-07-07T11:10:54", "description": "In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-10T15:19:59", "type": "redhatcve", "title": "CVE-2018-9258", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-9258"], "modified": "2022-07-07T11:08:44", "id": "RH:CVE-2018-9258", "href": "https://access.redhat.com/security/cve/cve-2018-9258", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-28T14:12:59", "description": "In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was\naddressed in epan/dissectors/packet-tcp.c by preserving valid data sources.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-04T00:00:00", "type": "ubuntucve", "title": "CVE-2018-9258", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-9258"], "modified": "2018-04-04T00:00:00", "id": "UB:CVE-2018-9258", "href": "https://ubuntu.com/security/CVE-2018-9258", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-09-09T02:56:47", "description": "In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.", "cvss3": {}, "published": "2018-04-04T07:29:00", "type": "debiancve", "title": "CVE-2018-9258", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-9258"], "modified": "2018-04-04T07:29:00", "id": "DEBIANCVE:CVE-2018-9258", "href": "https://security-tracker.debian.org/tracker/CVE-2018-9258", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-06-23T15:27:04", "description": "In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-04T07:29:00", "type": "cve", "title": "CVE-2018-9258", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-9258"], "modified": "2019-02-26T21:15:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/a:wireshark:wireshark:2.4.5"], "id": "CVE-2018-9258", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9258", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:2.4.5:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:32:34", "description": "This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.", "cvss3": {}, "published": "2018-04-05T00:00:00", "type": "openvas", "title": "Wireshark Multiple Denial of Service Vulnerabilities -01 Apr18 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9257", "CVE-2018-9258"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310813069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813069", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Wireshark Multiple Denial of Service Vulnerabilities -01 Apr18 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813069\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-9257\", \"CVE-2018-9258\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-05 16:18:35 +0530 (Thu, 05 Apr 2018)\");\n script_name(\"Wireshark Multiple Denial of Service Vulnerabilities -01 Apr18 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n multiple input validation errors in 'epan/dissectors/packet-tcp.c' and\n 'epan/dissectors/packet-cql.c' scripts.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will make Wireshark\n crash by injecting malformed packets.\");\n\n script_tag(name:\"affected\", value:\"Wireshark version 2.4.0 to 2.4.5 on\n Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 2.4.6 or later. Please see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/#download\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-21\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-22\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"2.4.0\", test_version2:\"2.4.5\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2.4.6\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:34", "description": "This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.", "cvss3": {}, "published": "2018-04-05T00:00:00", "type": "openvas", "title": "Wireshark Multiple Denial of Service Vulnerabilities -01 Apr18 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9257", "CVE-2018-9258"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310813068", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813068", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Wireshark Multiple Denial of Service Vulnerabilities -01 Apr18 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813068\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-9257\", \"CVE-2018-9258\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-05 16:18:35 +0530 (Thu, 05 Apr 2018)\");\n script_name(\"Wireshark Multiple Denial of Service Vulnerabilities -01 Apr18 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n multiple input validation errors in 'epan/dissectors/packet-tcp.c' and\n 'epan/dissectors/packet-cql.c' scripts.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will make Wireshark\n crash by injecting malformed packets.\");\n\n script_tag(name:\"affected\", value:\"Wireshark version 2.4.0 to 2.4.5 on\n Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 2.4.6 or later. Please see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/#download\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-21\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-22\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"2.4.0\", test_version2:\"2.4.5\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2.4.6\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:09:11", "description": "Several issues that could result in a crash within different dissectors have been fixed. Other issues are related to memory leaks or heap-based buffer overflows.\n\n\nAll issue could be caused by special crafted and malformed packets.", "cvss3": {}, "published": "2018-05-29T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for wireshark (DLA-1388-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9261", "CVE-2018-9268", "CVE-2018-11358", "CVE-2018-11362", "CVE-2018-9258", "CVE-2018-9269", "CVE-2018-9270", "CVE-2018-9260", "CVE-2018-9263"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891388", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891388\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-11358\", \"CVE-2018-11362\", \"CVE-2018-9258\", \"CVE-2018-9260\", \"CVE-2018-9261\",\n \"CVE-2018-9263\", \"CVE-2018-9268\", \"CVE-2018-9269\", \"CVE-2018-9270\");\n script_name(\"Debian LTS: Security Advisory for wireshark (DLA-1388-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-29 00:00:00 +0200 (Tue, 29 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"wireshark on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.12.1+g01b65bf-4+deb8u6~deb7u11.\n\nWe recommend that you upgrade your wireshark packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues that could result in a crash within different dissectors have been fixed. Other issues are related to memory leaks or heap-based buffer overflows.\n\n\nAll issue could be caused by special crafted and malformed packets.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\n# nb: libwireshark2, libwiretap2 and libwsutil2 having a lower version 1.8.2-5wheezy18, keep this in mind when overwriting this LSC\nif(!isnull(res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tshark\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\", rls:\"DEB7\"))) {\n report += res;\n}\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:28:30", "description": "Several issues that could result in a crash within different dissectors have been fixed. Other issues are related to memory leaks or heap-based buffer overflows.\n\nAll issue could be caused by special crafted and malformed packets.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u11.\n\nWe recommend that you upgrade your wireshark packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-29T00:00:00", "type": "nessus", "title": "Debian DLA-1388-1 : wireshark security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11358", "CVE-2018-11362", "CVE-2018-9258", "CVE-2018-9260", "CVE-2018-9261", "CVE-2018-9263", "CVE-2018-9268", "CVE-2018-9269", "CVE-2018-9270"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wireshark-common", "p-cpe:/a:debian:debian_linux:wireshark-dbg", "p-cpe:/a:debian:debian_linux:wireshark-dev", "p-cpe:/a:debian:debian_linux:wireshark-doc", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libwireshark-data", "p-cpe:/a:debian:debian_linux:libwireshark-dev", "p-cpe:/a:debian:debian_linux:libwireshark2", "p-cpe:/a:debian:debian_linux:libwiretap-dev", "p-cpe:/a:debian:debian_linux:libwiretap2", "p-cpe:/a:debian:debian_linux:libwsutil-dev", "p-cpe:/a:debian:debian_linux:libwsutil2", "p-cpe:/a:debian:debian_linux:tshark", "p-cpe:/a:debian:debian_linux:wireshark"], "id": "DEBIAN_DLA-1388.NASL", "href": "https://www.tenable.com/plugins/nessus/110164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1388-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110164);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-11358\", \"CVE-2018-11362\", \"CVE-2018-9258\", \"CVE-2018-9260\", \"CVE-2018-9261\", \"CVE-2018-9263\", \"CVE-2018-9268\", \"CVE-2018-9269\", \"CVE-2018-9270\");\n\n script_name(english:\"Debian DLA-1388-1 : wireshark security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues that could result in a crash within different\ndissectors have been fixed. Other issues are related to memory leaks\nor heap-based buffer overflows.\n\nAll issue could be caused by special crafted and malformed packets.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.12.1+g01b65bf-4+deb8u6~deb7u11.\n\nWe recommend that you upgrade your wireshark packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wireshark\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwireshark-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwireshark-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwireshark2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwiretap-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwiretap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwsutil-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwsutil2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-data\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-dev\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark2\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap-dev\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap2\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil-dev\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil2\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tshark\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-common\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dbg\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dev\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-doc\", reference:\"1.12.1+g01b65bf-4+deb8u6~deb7u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:49", "description": "The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-06T00:00:00", "type": "nessus", "title": "Wireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9616", "CVE-2018-9256", "CVE-2018-9257", "CVE-2018-9258", "CVE-2018-9259", "CVE-2018-9260", "CVE-2018-9261", "CVE-2018-9262", "CVE-2018-9263", "CVE-2018-9264", "CVE-2018-9265", "CVE-2018-9266", "CVE-2018-9267", "CVE-2018-9268", "CVE-2018-9269", "CVE-2018-9270", "CVE-2018-9271", "CVE-2018-9272", "CVE-2018-9273", "CVE-2018-9274"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_2_4_6.NASL", "href": "https://www.tenable.com/plugins/nessus/108885", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108885);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-9616\",\n \"CVE-2018-9256\",\n \"CVE-2018-9257\",\n \"CVE-2018-9258\",\n \"CVE-2018-9259\",\n \"CVE-2018-9260\",\n \"CVE-2018-9261\",\n \"CVE-2018-9262\",\n \"CVE-2018-9263\",\n \"CVE-2018-9264\",\n \"CVE-2018-9265\",\n \"CVE-2018-9266\",\n \"CVE-2018-9267\",\n \"CVE-2018-9268\",\n \"CVE-2018-9269\",\n \"CVE-2018-9270\",\n \"CVE-2018-9271\",\n \"CVE-2018-9272\",\n \"CVE-2018-9273\",\n \"CVE-2018-9274\"\n );\n script_bugtraq_id(99085);\n\n script_name(english:\"Wireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Wireshark installed on the remote Windows host is \n2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore,\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-15.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-16.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-17.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-18.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-21.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-23.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 2.2.14 / 2.4.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9274\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"installed_sw/Wireshark\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"Wireshark\", win_local:TRUE);\n\nconstraints = [\n { \"min_version\" : \"2.2.0\", \"fixed_version\" : \"2.2.14\" },\n { \"min_version\" : \"2.4.0\", \"fixed_version\" : \"2.4.6\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:37:19", "description": "The version of Wireshark installed on the remote MacOS/MacOSX host is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-06T00:00:00", "type": "nessus", "title": "Wireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities (MacOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9616", "CVE-2018-9256", "CVE-2018-9257", "CVE-2018-9258", "CVE-2018-9259", "CVE-2018-9260", "CVE-2018-9261", "CVE-2018-9262", "CVE-2018-9263", "CVE-2018-9264", "CVE-2018-9265", "CVE-2018-9266", "CVE-2018-9267", "CVE-2018-9268", "CVE-2018-9269", "CVE-2018-9270", "CVE-2018-9271", "CVE-2018-9272", "CVE-2018-9273", "CVE-2018-9274"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "MACOS_WIRESHARK_2_4_6.NASL", "href": "https://www.tenable.com/plugins/nessus/108884", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108884);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-9616\",\n \"CVE-2018-9256\",\n \"CVE-2018-9257\",\n \"CVE-2018-9258\",\n \"CVE-2018-9259\",\n \"CVE-2018-9260\",\n \"CVE-2018-9261\",\n \"CVE-2018-9262\",\n \"CVE-2018-9263\",\n \"CVE-2018-9264\",\n \"CVE-2018-9265\",\n \"CVE-2018-9266\",\n \"CVE-2018-9267\",\n \"CVE-2018-9268\",\n \"CVE-2018-9269\",\n \"CVE-2018-9270\",\n \"CVE-2018-9271\",\n \"CVE-2018-9272\",\n \"CVE-2018-9273\",\n \"CVE-2018-9274\"\n );\n script_bugtraq_id(99085);\n\n script_name(english:\"Wireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities (MacOS)\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote MacOS / MacOSX host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Wireshark installed on the remote MacOS/MacOSX host\nis 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore,\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-15.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-16.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-17.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-18.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-21.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-23.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/security/wnpa-sec-2018-24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 2.2.14 / 2.4.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9274\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_wireshark_installed.nbin\");\n script_require_keys(\"installed_sw/Wireshark\", \"Host/MacOSX/Version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"Host/MacOSX/Version\");\n\napp_info = vcf::get_app_info(app:\"Wireshark\");\n\nconstraints = [\n { \"min_version\" : \"2.2.0\", \"fixed_version\" : \"2.2.14\" },\n { \"min_version\" : \"2.4.0\", \"fixed_version\" : \"2.4.6\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-07-21T08:19:26", "description": "\nSeveral issues that could result in a crash within different dissectors\nhave been fixed. Other issues are related to memory leaks or heap-based\nbuffer overflows.\n\n\nAll issue could be caused by special crafted and malformed packets.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n1.12.1+g01b65bf-4+deb8u6~deb7u11.\n\n\nWe recommend that you upgrade your wireshark packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-28T00:00:00", "type": "osv", "title": "wireshark - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-9261", "CVE-2018-9268", "CVE-2018-11358", "CVE-2018-11362", "CVE-2018-9258", "CVE-2018-9269", "CVE-2018-9270", "CVE-2018-9260", "CVE-2018-9263"], "modified": "2022-07-21T05:52:09", "id": "OSV:DLA-1388-1", "href": "https://osv.dev/vulnerability/DLA-1388-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-05T05:18:24", "description": "\nSeveral issues in wireshark, a tool that captures and analyzes packets\noff the wire, have been found by different people.\nThese are basically issues with length checks or invalid memory access in\ndifferent dissectors. This could result in infinite loops or crashes by\nmalicious packets.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n1.12.1+g01b65bf-4+deb8u16.\n\n\nWe recommend that you upgrade your wireshark packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-15T00:00:00", "type": "osv", "title": "wireshark - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11407", "CVE-2018-9268", "CVE-2018-7336", "CVE-2018-9259", "CVE-2018-19626", "CVE-2018-11357", "CVE-2018-11359", "CVE-2018-7332", "CVE-2018-7323", "CVE-2017-7747", "CVE-2018-19625", "CVE-2018-19622", "CVE-2018-9258", "CVE-2018-7417", "CVE-2017-17935", "CVE-2018-9269", "CVE-2018-7418", "CVE-2018-9270", "CVE-2017-15191", "CVE-2017-7746", "CVE-2018-7420", "CVE-2018-16057", "CVE-2017-13765", "CVE-2018-9256", "CVE-2018-9260", "CVE-2018-9263", "CVE-2017-9766", "CVE-2018-7331", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-16058", "CVE-2017-11409", "CVE-2017-7703", "CVE-2018-11356", "CVE-2017-7700", "CVE-2018-9262", "CVE-2017-11406", "CVE-2018-7322", "CVE-2018-7325", "CVE-2018-7324", "CVE-2017-17997"], "modified": "2022-08-05T05:18:21", "id": "OSV:DLA-1634-1", "href": "https://osv.dev/vulnerability/DLA-1634-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2021-10-22T13:50:50", "description": "Package : wireshark\nVersion : 1.12.1+g01b65bf-4+deb8u6~deb7u11\nCVE ID : CVE-2018-9258 CVE-2018-9260 CVE-2018-9261 CVE-2018-9263\n CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-11358\n CVE-2018-11362\n\n\nSeveral issues that could result in a crash within different dissectors \nhave been fixed. Other issues are related to memory leaks or heap-based \nbuffer overflows.\n\n\nAll issue could be caused by special crafted and malformed packets.\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.12.1+g01b65bf-4+deb8u6~deb7u11.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-28T20:34:08", "type": "debian", "title": "[SECURITY] [DLA 1388-1] wireshark security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11358", "CVE-2018-11362", "CVE-2018-9258", "CVE-2018-9260", "CVE-2018-9261", "CVE-2018-9263", "CVE-2018-9268", "CVE-2018-9269", "CVE-2018-9270"], "modified": "2018-05-28T20:34:08", "id": "DEBIAN:DLA-1388-1:8C249", "href": "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
CVE-2018-9258
