Home

CVE-2018-19622

Description

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.345

Associated Vulnerability

VulnerabilityOS Platform
Wireshark (2.6.5)Windows
Multiple vulnerabilities fixed in Wireshark x64 2.4.11Windows
Multiple vulnerabilities fixed in Wireshark x64 2.6.5Windows
Multiple vulnerabilities fixed in Wireshark (X64) (2.6.5)Windows
Multiple Vulnerabilities are affected in WireShark For Mac 2.4.10Mac
Multiple Vulnerabilities are affected in WireShark For Mac 2.6.4Mac
(RHSA-2020:1047) wireshark security and bug fix update wireshark-1.10.14-24.el7.i686.rpmLinux
(RHSA-2020:1047) wireshark security and bug fix update wireshark-1.10.14-24.el7.x86_64.rpmLinux
(RHSA-2020:1047) wireshark security and bug fix update wireshark-devel-1.10.14-24.el7.i686.rpmLinux
(RHSA-2020:1047) wireshark security and bug fix update wireshark-devel-1.10.14-24.el7.x86_64.rpmLinux
(RHSA-2020:1047) wireshark security and bug fix update wireshark-gnome-1.10.14-24.el7.x86_64.rpmLinux
(RHSA-2020:1047)Moderate: security and bug fix update wireshark-debuginfo-1.10.14-24.el7.i686.rpmLinux
(RHSA-2020:1047)Moderate: security and bug fix update wireshark-debuginfo-1.10.14-24.el7.x86_64.rpmLinux
wireshark Security Update (ALAS-2020-1438) wireshark-gnome-1.10.14-24.amzn2.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-308515Wireshark (2.6.5)
PATCH-338541Wireshark (3.6.24)
PATCH-308515Wireshark (2.6.5)
PATCH-308517Wireshark (X64) (2.6.5)
PATCH-611905WireShark for Mac (Apple Silicon) (4.4.9)
PATCH-611905WireShark for Mac (Apple Silicon) (4.4.9)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234