=====================================================================
                            CERT-Renater

                 Information Note No. 2018/VULN017
_____________________________________________________________________

DATE                : 12/01/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Wireshark versions prior to
                      2.4.4, 2.2.12.

=====================================================================
https://www.wireshark.org/security/wnpa-sec-2018-01.html
https://www.wireshark.org/security/wnpa-sec-2018-02.html
https://www.wireshark.org/security/wnpa-sec-2018-03.html
https://www.wireshark.org/security/wnpa-sec-2018-04.html
_____________________________________________________________________

wnpa-sec-2018-01 · Multiple dissectors could crash

Summary

Name: Multiple dissectors could crash
Docid: wnpa-sec-2018-01
Date: January 11, 2018
Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11
Fixed versions: 2.4.4, 2.2.12
References:
  Wireshark bug 14253
  CVE-2018-5336

Details

Description

The JSON, XML, NTP, XMPP, and GDB dissectors could crash.

Discovered by Kamil Frankowicz.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 2.4.4, 2.2.12 or later.

_____________________________________________________________________

wnpa-sec-2018-02 · MRDISC dissector crash

Summary

Name: MRDISC dissector crash
Docid: wnpa-sec-2018-02
Date: January 11, 2018
Affected versions: 2.2.0 to 2.2.11
Fixed versions: 2.2.12
References:
  Wireshark bug 14299
  CVE-2017-17997

Details

Description

The MRDISC dissector could crash.

Discovered by Young.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 2.2.12 or later.

_____________________________________________________________________

wnpa-sec-2018-03 · IxVeriWave file parser crash

Summary

Name: IxVeriWave file parser crash
Docid: wnpa-sec-2018-03
Date: January 11, 2018
Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11
Fixed versions: 2.4.4, 2.2.12
References:
  Wireshark bug 14297
  CVE-2018-5334

Details

Description

The IxVeriWave file parser could crash.

Discovered by Young.

Impact

It may be possible to make Wireshark crash by convincing someone to
read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.4.4, 2.2.12 or later.

_____________________________________________________________________

wnpa-sec-2018-04 · WCP dissector crash

Summary

Name: WCP dissector crash
Docid: wnpa-sec-2018-04
Date: January 11, 2018
Affected versions: 2.4.0 to 2.4.3, 2.2.0 to 2.2.11
Fixed versions: 2.4.4, 2.2.12
References:
  Wireshark bug 14251
  CVE-2018-5335

Details

Description

The WCP dissector could crash.

Discovered by Kamil Frankowicz.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 2.4.4, 2.2.12 or later.

==========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44             +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41             +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================