Vulnerabilities > CVE-2018-9261 - Excessive Iteration vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
wireshark
debian
CWE-834
nessus

Summary

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_WIRESHARK_2_4_6.NASL
    descriptionThe version of Wireshark installed on the remote MacOS/MacOSX host is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id108884
    published2018-04-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108884
    titleWireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities (MacOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108884);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/08");
    
      script_cve_id(
        "CVE-2017-9616",
        "CVE-2018-9256",
        "CVE-2018-9257",
        "CVE-2018-9258",
        "CVE-2018-9259",
        "CVE-2018-9260",
        "CVE-2018-9261",
        "CVE-2018-9262",
        "CVE-2018-9263",
        "CVE-2018-9264",
        "CVE-2018-9265",
        "CVE-2018-9266",
        "CVE-2018-9267",
        "CVE-2018-9268",
        "CVE-2018-9269",
        "CVE-2018-9270",
        "CVE-2018-9271",
        "CVE-2018-9272",
        "CVE-2018-9273",
        "CVE-2018-9274"
      );
      script_bugtraq_id(99085);
    
      script_name(english:"Wireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities (MacOS)");
      script_summary(english:"Checks the version of Wireshark.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote MacOS / MacOSX host is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Wireshark installed on the remote MacOS/MacOSX host
    is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore,
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-15.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-16.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-17.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-18.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-19.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-20.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-21.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-22.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-23.html");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-24.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Wireshark version 2.2.14 / 2.4.6 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9274");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/06");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_wireshark_installed.nbin");
      script_require_keys("installed_sw/Wireshark", "Host/MacOSX/Version", "Host/local_checks_enabled");
    
      exit(0);
    }
    
    include("vcf.inc");
    
    get_kb_item_or_exit("Host/MacOSX/Version");
    
    app_info = vcf::get_app_info(app:"Wireshark");
    
    constraints = [
      { "min_version" : "2.2.0", "fixed_version" : "2.2.14" },
      { "min_version" : "2.4.0", "fixed_version" : "2.4.6" }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4217.NASL
    descriptionIt was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id110318
    published2018-06-05
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110318
    titleDebian DSA-4217-1 : wireshark - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0981-1.NASL
    descriptionThis update for wireshark fixes the following issues : - Update to wireshark 2.2.14, fix such issues : - bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 - CVE-2018-9256: LWAPP dissector crash - CVE-2018-9260: IEEE 802.15.4 dissector crash - CVE-2018-9261: NBAP dissector crash - CVE-2018-9262: VLAN dissector crash - CVE-2018-9263: Kerberos dissector crash - CVE-2018-9264: ADB dissector crash - CVE-2018-9265: tn3270 dissector has a memory leak - CVE-2018-9266: ISUP dissector memory leak - CVE-2018-9267: LAPD dissector memory leak - CVE-2018-9268: SMB2 dissector memory leak - CVE-2018-9269: GIOP dissector memory leak - CVE-2018-9270: OIDS dissector memory leak - CVE-2018-9271: multipart dissector memory leak - CVE-2018-9272: h223 dissector memory leak - CVE-2018-9273: pcp dissector memory leak - CVE-2018-9274: failure message memory leak - CVE-2018-9259: MP4 dissector crash Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109198
    published2018-04-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109198
    titleSUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2018:0981-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-347.NASL
    descriptionThis update for wireshark fixes the following issues : Minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (boo#1088200) : - CVE-2018-9264: ADB dissector crash - CVE-2018-9260: IEEE 802.15.4 dissector crash - CVE-2018-9261: NBAP dissector crash - CVE-2018-9262: VLAN dissector crash - CVE-2018-9256: LWAPP dissector crash - CVE-2018-9263: Kerberos dissector crash - CVE-2018-9259: MP4 dissector crash - Memory leaks in multiple dissectors: CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274 This update also contains all upstream bug fixes and updated protocol support as listed in : https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html
    last seen2020-06-05
    modified2018-04-10
    plugin id108937
    published2018-04-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108937
    titleopenSUSE Security Update : wireshark (openSUSE-2018-347)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0980-1.NASL
    descriptionThis update for wireshark fixes the following issues : - Update to wireshark 2.2.14, fix such issues : - bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 - CVE-2018-9256: LWAPP dissector crash - CVE-2018-9260: IEEE 802.15.4 dissector crash - CVE-2018-9261: NBAP dissector crash - CVE-2018-9262: VLAN dissector crash - CVE-2018-9263: Kerberos dissector crash - CVE-2018-9264: ADB dissector crash - CVE-2018-9265: tn3270 dissector has a memory leak - CVE-2018-9266: ISUP dissector memory leak - CVE-2018-9267: LAPD dissector memory leak - CVE-2018-9268: SMB2 dissector memory leak - CVE-2018-9269: GIOP dissector memory leak - CVE-2018-9270: OIDS dissector memory leak - CVE-2018-9271: multipart dissector memory leak - CVE-2018-9272: h223 dissector memory leak - CVE-2018-9273: pcp dissector memory leak - CVE-2018-9274: failure message memory leak - CVE-2018-9259: MP4 dissector crash Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109197
    published2018-04-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109197
    titleSUSE SLES11 Security Update : wireshark (SUSE-SU-2018:0980-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1388.NASL
    descriptionSeveral issues that could result in a crash within different dissectors have been fixed. Other issues are related to memory leaks or heap-based buffer overflows. All issue could be caused by special crafted and malformed packets. For Debian 7
    last seen2020-03-17
    modified2018-05-29
    plugin id110164
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110164
    titleDebian DLA-1388-1 : wireshark security update
  • NASL familyWindows
    NASL idWIRESHARK_2_4_6.NASL
    descriptionThe version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id108885
    published2018-04-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108885
    titleWireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities