7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.5%
Severity: Critical
Date : 2018-05-25
CVE-ID : CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357
CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361
CVE-2018-11362
Package : wireshark-qt
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-708
The package wireshark-qt before version 2.6.1-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and denial of service.
Upgrade to 2.6.1-1.
The problems have been fixed upstream in version 2.6.1.
None.
An out-of-bounds read has been found in the IEEE 1905.1a dissector of
Wireshark <= 2.6.0.
A heap-based buffer overflow has been found in the RTCP dissector of
Wireshark <= 2.6.0.
A null-pointer dereference has been found in the DNS dissector of
Wireshark <= 2.6.0.
An integer overflow leading to excessive memory allocation has been
found in several dissectors of Wireshark <= 2.6.0.
A heap-based use-after-free has been found in the Q.931 dissector of
Wireshark <= 2.6.0.
A null-pointer dereference has been found in several dissectors of
Wireshark <= 2.6.0.
A heap-based off-by-one write has been found in the GSM A DTAP
dissector of Wireshark <= 2.6.0.
A heap-based out-of-bounds read has been found in the IEEE 802.11
dissector of Wireshark <= 2.6.0.
An out-of-bounds read has been found in the LDSS dissector of Wireshark
<= 2.6.0.
A remote attacker can crash the application, access sensitive
information present in memory or execute arbitrary code on the affected
host via a specially crafted network packet or by convincing a local
user to open a specially crafted PCAP file.
https://www.wireshark.org/security/wnpa-sec-2018-26.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647
https://www.wireshark.org/security/wnpa-sec-2018-27.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673
https://www.wireshark.org/security/wnpa-sec-2018-29.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
https://www.wireshark.org/security/wnpa-sec-2018-28.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678
https://www.wireshark.org/security/wnpa-sec-2018-31.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689
https://www.wireshark.org/security/wnpa-sec-2018-33.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703
https://www.wireshark.org/security/wnpa-sec-2018-30.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688
https://www.wireshark.org/security/wnpa-sec-2018-32.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
https://www.wireshark.org/security/wnpa-sec-2018-25.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615
https://security.archlinux.org/CVE-2018-11354
https://security.archlinux.org/CVE-2018-11355
https://security.archlinux.org/CVE-2018-11356
https://security.archlinux.org/CVE-2018-11357
https://security.archlinux.org/CVE-2018-11358
https://security.archlinux.org/CVE-2018-11359
https://security.archlinux.org/CVE-2018-11360
https://security.archlinux.org/CVE-2018-11361
https://security.archlinux.org/CVE-2018-11362
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | wireshark-qt | < 2.6.1-1 | UNKNOWN |
bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615
bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647
bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673
bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678
bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688
bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689
bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703
security.archlinux.org/AVG-708
security.archlinux.org/CVE-2018-11354
security.archlinux.org/CVE-2018-11355
security.archlinux.org/CVE-2018-11356
security.archlinux.org/CVE-2018-11357
security.archlinux.org/CVE-2018-11358
security.archlinux.org/CVE-2018-11359
security.archlinux.org/CVE-2018-11360
security.archlinux.org/CVE-2018-11361
security.archlinux.org/CVE-2018-11362
www.wireshark.org/security/wnpa-sec-2018-25.html
www.wireshark.org/security/wnpa-sec-2018-26.html
www.wireshark.org/security/wnpa-sec-2018-27.html
www.wireshark.org/security/wnpa-sec-2018-28.html
www.wireshark.org/security/wnpa-sec-2018-29.html
www.wireshark.org/security/wnpa-sec-2018-30.html
www.wireshark.org/security/wnpa-sec-2018-31.html
www.wireshark.org/security/wnpa-sec-2018-32.html
www.wireshark.org/security/wnpa-sec-2018-33.html
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.5%