Vulnerabilities > CVE-2018-11358 - Use After Free vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

wireshark

debian

CWE-416

nessus

NVD

Published: 2018-05-22

Updated: 2023-11-07

Summary

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.

Vulnerable Configurations

Part	Description	Count
Application	Wireshark Wireshark Wireshark 2.2.0 Wireshark Wireshark 2.2.1 Wireshark Wireshark 2.2.2 Wireshark Wireshark 2.2.3 Wireshark Wireshark 2.2.4 Wireshark Wireshark 2.2.5 Wireshark Wireshark 2.2.6 Wireshark Wireshark 2.2.7 Wireshark Wireshark 2.2.8 Wireshark Wireshark 2.2.9 Wireshark Wireshark 2.2.10 Wireshark Wireshark 2.2.11 Wireshark Wireshark 2.2.12 Wireshark Wireshark 2.2.13 Wireshark Wireshark 2.2.14 Wireshark Wireshark 2.4.0 Wireshark Wireshark 2.4.1 Wireshark Wireshark 2.4.2 Wireshark Wireshark 2.4.3 Wireshark Wireshark 2.4.4 Wireshark Wireshark 2.4.5 Wireshark Wireshark 2.4.6 Wireshark Wireshark 2.6.0	23
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 7.0 Debian Debian Linux 9.0	3

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4217.NASL
description	It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	110318
published	2018-06-05
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110318
title	Debian DSA-4217-1 : wireshark - security update

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_WIRESHARK_2_6_1.NASL
description	The version of Wireshark installed on the remote MacOS/MacOSX host is 2.2.x prior to 2.2.15, 2.4.x prior to 2.4.7, or 2.6.x prior to 2.6.1. It is, therefore, affected by multiple vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	110268
published	2018-05-31
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110268
title	Wireshark 2.2.x < 2.2.15 / 2.4.x < 2.4.7 / 2.6.x < 2.6.1 Multiple Vulnerabilities (MacOS)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-520.NASL
description	This update for wireshark fixes the following issues : Minor vulnerabilities that could be used to trigger dissector crashes or cause excessive memory use by making Wireshark read specially crafted packages from the network or capture files (boo#1094301) : - CVE-2018-11356: DNS dissector crash - CVE-2018-11357: Multiple dissectors could consume excessive memory - CVE-2018-11358: Q.931 dissector crash - CVE-2018-11359: The RRC dissector and other dissectors could crash - CVE-2018-11360: GSM A DTAP dissector crash - CVE-2018-11362: LDSS dissector crash This update to version 2.4.7 also contains bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.7.html
last seen	2020-06-05
modified	2018-05-29
plugin id	110177
published	2018-05-29
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110177
title	openSUSE Security Update : wireshark (openSUSE-2018-520)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-399.NASL
description	This update for wireshark fixes the following issues : Minor vulnerabilities that could be used to trigger dissector crashes or cause excessive memory use by making Wireshark read specially crafted packages from the network or capture files (boo#1094301) : - CVE-2018-11356: DNS dissector crash - CVE-2018-11357: Multiple dissectors could consume excessive memory - CVE-2018-11358: Q.931 dissector crash - CVE-2018-11359: The RRC dissector and other dissectors could crash - CVE-2018-11360: GSM A DTAP dissector crash - CVE-2018-11362: LDSS dissector crash This update to version 2.4.7 also contains bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.7.html
last seen	2020-05-31
modified	2019-03-27
plugin id	123176
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123176
title	openSUSE Security Update : wireshark (openSUSE-2019-399)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1388.NASL
description	Several issues that could result in a crash within different dissectors have been fixed. Other issues are related to memory leaks or heap-based buffer overflows. All issue could be caused by special crafted and malformed packets. For Debian 7
last seen	2020-03-17
modified	2018-05-29
plugin id	110164
published	2018-05-29
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110164
title	Debian DLA-1388-1 : wireshark security update

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-D1CFA444D2.NASL
description	New version 2.6.1, contains fixes for multiple CVEs. ---- Fixed undefined reference in tshark, corrected build flags usage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-06-06
plugin id	110328
published	2018-06-06
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110328
title	Fedora 27 : 1:wireshark (2018-d1cfa444d2)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2891-2.NASL
description	This update for wireshark to version 2.4.9 fixes the following issues : Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). Security issues fixed : CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	118294
published	2018-10-22
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118294
title	SUSE SLES12 Security Update : wireshark (SUSE-SU-2018:2891-2)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-3DFEE621AF.NASL
description	New version 2.6.1, contains fixes for multiple CVEs. ---- Fixed undefined reference in tshark, corrected build flags usage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120367
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120367
title	Fedora 28 : 1:wireshark (2018-3dfee621af)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2891-1.NASL
description	This update for wireshark to version 2.4.9 fixes the following issues : Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). Security issues fixed : CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	117821
published	2018-09-28
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117821
title	SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2018:2891-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0693-1.NASL
description	This update for wireshark and libmaxminddb fixes the following issues : Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support (bsc#1156288). New features include : Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC Improved support for existing protocols, like HTTP/2 Improved analytics and usability functionalities Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-19
modified	2020-03-16
plugin id	134625
published	2020-03-16
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134625
title	SUSE SLED15 / SLES15 Security Update : wireshark (SUSE-SU-2020:0693-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-1988-1.NASL
description	This update for wireshark fixes vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1094301). This includes : - CVE-2018-11356: DNS dissector crash - CVE-2018-11357: Multiple dissectors could consume excessive memory - CVE-2018-11358: Q.931 dissector crash - CVE-2018-11359: The RRC dissector and other dissectors could crash - CVE-2018-11360: GSM A DTAP dissector crash - CVE-2018-11362: LDSS dissector crash Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-21
modified	2019-01-02
plugin id	120052
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120052
title	SUSE SLED15 / SLES15 Security Update : wireshark (SUSE-SU-2018:1988-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2020-362.NASL
description	This update for wireshark and libmaxminddb fixes the following issues : Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support (bsc#1156288). New features include : - Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC - Improved support for existing protocols, like HTTP/2 - Improved analytics and usability functionalities This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-03-26
modified	2020-03-20
plugin id	134755
published	2020-03-20
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134755
title	openSUSE Security Update : wireshark (openSUSE-2020-362)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2412-1.NASL
description	This update for wireshark fixes the following issues: Security issues fixed : - bsc#1094301: Wireshark security update to 2.6.1, 2.4.7, 2.2.15 - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	112015
published	2018-08-20
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/112015
title	SUSE SLES11 Security Update : wireshark (SUSE-SU-2018:2412-1)

NASL family	Windows
NASL id	WIRESHARK_2_6_1.NASL
description	The version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.15, 2.4.x prior to 2.4.6, or 2.6.x prior to 2.6.1. It is, therefore, affected by multiple vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	110269
published	2018-05-31
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110269
title	Wireshark 2.2.x < 2.2.15 / 2.4.x < 2.4.7 / 2.6.x < 2.6.1 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References