CVE-2018-9261

2018-04-0407:29:00

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

68.3%

JSON

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.

CPENameOperatorVersion
wiresharkeqwireshark-2.2.0
wiresharkeq1.10.3-r1
wiresharkeq2.4.3
wiresharkeq1.10.7-r0
wiresharkeq2.2.11rc0
wiresharkeq1.4.5-r0
wiresharkeq2.2.2
wiresharkeq2.2.4rc0
wiresharkeq2.2.7
wiresharkeq2.0.1-r0

Name	Operator	Version
wireshark	eq	wireshark-2.2.0
wireshark	eq	1.10.3-r1
wireshark	eq	2.4.3
wireshark	eq	1.10.7-r0
wireshark	eq	2.2.11rc0
wireshark	eq	1.4.5-r0
wireshark	eq	2.2.2
wireshark	eq	2.2.4rc0
wireshark	eq	2.2.7
wireshark	eq	2.0.1-r0