Vulnerabilities > CVE-2018-18227 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3282-1.NASL description This update for wireshark fixes the following issues : Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed : CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in : https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-02 plugin id 120138 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120138 title SUSE SLED15 / SLES15 Security Update : wireshark (SUSE-SU-2018:3282-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3590-2.NASL description This update for wireshark fixes the following issues : Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed : CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in : https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-10 modified 2018-12-06 plugin id 119450 published 2018-12-06 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119450 title SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2018:3590-2) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4359.NASL description Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 119892 published 2018-12-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119892 title Debian DSA-4359-1 : wireshark - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-837.NASL description This update for wireshark fixes the following issues : Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed : - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in : https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123350 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123350 title openSUSE Security Update : wireshark (openSUSE-2019-837) NASL family MacOS X Local Security Checks NASL id MACOSX_WIRESHARK_2_6_4.NASL description The version of Wireshark installed on the remote macOS / Mac OS X host is 2.4.x prior to 2.4.10 / 2.6.x prior to 2.6.4. It is, therefore, affected by multiple vulnerabilities. - A buffer overflow condition exists in OPC UA applications due to failure to handle exceptional conditions. An unauthenticated remote attacker can exploit this via carefully structured requests to cause a denial of service condition or the execution of arbitrary code. (CVE-2018-12086) - A stack-based buffer overflow condition exists in Liblouis 3.6.0 in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440 due to failure to handle exceptional conditions. An unauthenticated remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2018-12585) - Multiple denial of service vulnerabilities exist in the following protocol dissectors: CoAP, IHS Discovery, the MS-WSP due to improper handling of exceptional conditions. An unauthenticated remote attacker can exploit this to cause Wireshark to crash by injecting a malformed packet onto the wire, or by convincing a user to read a malformed packet trace file. (CVE-2018-18225, CVE-2018-18226, CVE-2018-18227) last seen 2020-06-01 modified 2020-06-02 plugin id 121309 published 2019-01-22 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121309 title Wireshark 2.4.x < 2.4.10 / 2.6.x < 2.6.4 Multiple Vulnerabilities (macOS) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1238.NASL description This update for wireshark fixes the following issues : Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed : - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in : https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-10-24 plugin id 118345 published 2018-10-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118345 title openSUSE Security Update : wireshark (openSUSE-2018-1238) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0693-1.NASL description This update for wireshark and libmaxminddb fixes the following issues : Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support (bsc#1156288). New features include : Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC Improved support for existing protocols, like HTTP/2 Improved analytics and usability functionalities Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-16 plugin id 134625 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134625 title SUSE SLED15 / SLES15 Security Update : wireshark (SUSE-SU-2020:0693-1) NASL family Windows NASL id WIRESHARK_2_4_10.NASL description The version of Wireshark installed on the remote Windows host is 2.4.x prior to 2.4.10. It is, therefore, affected by multiple vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 118206 published 2018-10-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118206 title Wireshark 2.4.x < 2.4.10 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3590-1.NASL description This update for wireshark fixes the following issues : Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed : CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in : https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118589 published 2018-11-01 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118589 title SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2018:3590-1) NASL family Windows NASL id WIRESHARK_2_6_4.NASL description The version of Wireshark installed on the remote Windows host is 2.6.x prior to 2.6.4. It is, therefore, affected by multiple vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 118207 published 2018-10-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118207 title Wireshark 2.6.x < 2.6.4 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-362.NASL description This update for wireshark and libmaxminddb fixes the following issues : Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support (bsc#1156288). New features include : - Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC - Improved support for existing protocols, like HTTP/2 - Improved analytics and usability functionalities This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-26 modified 2020-03-20 plugin id 134755 published 2020-03-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134755 title openSUSE Security Update : wireshark (openSUSE-2020-362) NASL family Fedora Local Security Checks NASL id FEDORA_2018-89413A04E0.NASL description New version 2.6.4, contains security fix for CVE-2018-16056, CVE-2018-16057, CVE-2018-16058, CVE-2018-18225, CVE-2018-18226, CVE-2018-18227, CVE-2018-12086. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120589 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120589 title Fedora 28 : 1:wireshark (2018-89413a04e0)
References
- https://www.wireshark.org/security/wnpa-sec-2018-47.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15119
- http://www.securityfocus.com/bid/105583
- http://www.securitytracker.com/id/1041909
- https://www.debian.org/security/2018/dsa-4359
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d443be449a52f95df5754adc39e1f3472fec2f03