Arch Linux Security Advisory ASA-201810-9
=========================================

Severity: High
Date    : 2018-10-12
CVE-ID  : CVE-2018-12086 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227
Package : wireshark-cli
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-779

Summary
=======

The package wireshark-cli before version 2.6.4-1 is vulnerable to
multiple issues including arbitrary code execution and denial of
service.

Resolution
==========

Upgrade to 2.6.4-1.

# pacman -Syu "wireshark-cli>=2.6.4-1"

The problems have been fixed upstream in version 2.6.4.

Workaround
==========

None.

Description
===========

- CVE-2018-12086 (arbitrary code execution)

A flaw has been discovered in wireshark >= 2.6.0 and < 2.6.4 in the
OpcUa dissector where a specially crafted structured request could lead
to stack overflow. This could be used by an attacker to crash wireshark
or execute arbitrary code on the affected host by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

- CVE-2018-18225 (denial of service)

A flaw has been discovered in wireshark >= 2.6.0 and < 2.6.4 in the
CoAP dissector where an invalid frame could lead to NULL-pointer
dereference. This could be used by an attacker to crash wireshark by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

- CVE-2018-18226 (denial of service)

A flaw has been discovered in wireshark >= 2.6.0 and < 2.6.4 in the
Steam IHS Discovery dissector where dynamically allocated memory was
not properly freed on exception. This could be used by an attacker to
crash wireshark by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.

- CVE-2018-18227 (denial of service)

A flaw has been discovered in wireshark >= 2.6.0 and < 2.6.4 in the
MS-WSP dissector where an invalid type could lead to an assertion
failure. This could be used by an attacker to crash wireshark by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.

Impact
======

An attacker can crash wireshark or execute arbitrary code on the
affected host by injecting a malformed packet onto the wire or by
convincing a local user to read a malformed packet trace file.

References
==========

https://www.wireshark.org/docs/relnotes/wireshark-2.6.4.html
https://www.wireshark.org/security/wnpa-sec-2018-50
https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Found...
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=fc95...
https://www.wireshark.org/security/wnpa-sec-2018-49
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15172
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=b2bb...
https://www.wireshark.org/security/wnpa-sec-2018-48
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15171
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=6e92...
https://www.wireshark.org/security/wnpa-sec-2018-47
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15119
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=536f...
https://security.archlinux.org/CVE-2018-12086
https://security.archlinux.org/CVE-2018-18225
https://security.archlinux.org/CVE-2018-18226
https://security.archlinux.org/CVE-2018-18227