Home

CVE-2018-11359

Description

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.19

Associated Vulnerability

VulnerabilityOS Platform
Wireshark (2.6.1)Windows
Wireshark (X64) (2.6.1)Windows
Upgrade LibreOffice (x64) 5.2.6 to latest versionWindows
Upgrade libreoffice 5.2.6 to latest versionWindows
Multiple vulnerabilities fixed in Wireshark x64 2.2.15Windows
Multiple vulnerabilities fixed in Wireshark x64 2.4.7Windows
Multiple vulnerabilities fixed in Wireshark x64 2.6.1Windows
Multiple Vulnerabilities are affected in WireShark For Mac 2.6.0Mac
Multiple Vulnerabilities are affected in WireShark For Mac 2.2.14Mac
Multiple Vulnerabilities are affected in WireShark For Mac 2.4.6Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-307573Wireshark (2.6.1)
PATCH-307575Wireshark (X64) (2.6.1)
PATCH-343131LibreOffice (x64) (24.8.3)
PATCH-343130LibreOffice (24.8.3)
PATCH-338541Wireshark (3.6.24)
PATCH-338541Wireshark (3.6.24)
PATCH-307573Wireshark (2.6.1)
PATCH-611905WireShark for Mac (Apple Silicon) (4.4.9)
PATCH-611905WireShark for Mac (Apple Silicon) (4.4.9)
PATCH-611905WireShark for Mac (Apple Silicon) (4.4.9)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234