Vulnerabilities > CVE-2018-9267 - Missing Release of Resource after Effective Lifetime vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
wireshark
debian
CWE-772
nessus
NVD
Published: 2018-04-04
Updated: 2023-11-07

Summary

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.

Vulnerable Configurations

Part Description Count
Application
Wireshark
20
OS
Debian
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • HTTP DoS
    An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_WIRESHARK_2_4_6.NASL
    descriptionThe version of Wireshark installed on the remote MacOS/MacOSX host is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id108884
    published2018-04-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108884
    titleWireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities (MacOS)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108884);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id(
    "CVE-2017-9616",
    "CVE-2018-9256",
    "CVE-2018-9257",
    "CVE-2018-9258",
    "CVE-2018-9259",
    "CVE-2018-9260",
    "CVE-2018-9261",
    "CVE-2018-9262",
    "CVE-2018-9263",
    "CVE-2018-9264",
    "CVE-2018-9265",
    "CVE-2018-9266",
    "CVE-2018-9267",
    "CVE-2018-9268",
    "CVE-2018-9269",
    "CVE-2018-9270",
    "CVE-2018-9271",
    "CVE-2018-9272",
    "CVE-2018-9273",
    "CVE-2018-9274"
  );
  script_bugtraq_id(99085);

  script_name(english:"Wireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities (MacOS)");
  script_summary(english:"Checks the version of Wireshark.");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote MacOS / MacOSX host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Wireshark installed on the remote MacOS/MacOSX host
is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore,
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-15.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-16.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-17.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-18.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-19.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-20.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-21.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-22.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-23.html");
  script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2018-24.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Wireshark version 2.2.14 / 2.4.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9274");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_wireshark_installed.nbin");
  script_require_keys("installed_sw/Wireshark", "Host/MacOSX/Version", "Host/local_checks_enabled");

  exit(0);
}

include("vcf.inc");

get_kb_item_or_exit("Host/MacOSX/Version");

app_info = vcf::get_app_info(app:"Wireshark");

constraints = [
  { "min_version" : "2.2.0", "fixed_version" : "2.2.14" },
  { "min_version" : "2.4.0", "fixed_version" : "2.4.6" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1634.NASL
    descriptionSeveral issues in wireshark, a tool that captures and analyzes packets off the wire, have been found by different people. These are basically issues with length checks or invalid memory access in different dissectors. This could result in infinite loops or crashes by malicious packets. For Debian 8
    last seen2020-03-17
    modified2019-01-16
    plugin id121193
    published2019-01-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121193
    titleDebian DLA-1634-1 : wireshark security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0981-1.NASL
    descriptionThis update for wireshark fixes the following issues : - Update to wireshark 2.2.14, fix such issues : - bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 - CVE-2018-9256: LWAPP dissector crash - CVE-2018-9260: IEEE 802.15.4 dissector crash - CVE-2018-9261: NBAP dissector crash - CVE-2018-9262: VLAN dissector crash - CVE-2018-9263: Kerberos dissector crash - CVE-2018-9264: ADB dissector crash - CVE-2018-9265: tn3270 dissector has a memory leak - CVE-2018-9266: ISUP dissector memory leak - CVE-2018-9267: LAPD dissector memory leak - CVE-2018-9268: SMB2 dissector memory leak - CVE-2018-9269: GIOP dissector memory leak - CVE-2018-9270: OIDS dissector memory leak - CVE-2018-9271: multipart dissector memory leak - CVE-2018-9272: h223 dissector memory leak - CVE-2018-9273: pcp dissector memory leak - CVE-2018-9274: failure message memory leak - CVE-2018-9259: MP4 dissector crash Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109198
    published2018-04-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109198
    titleSUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2018:0981-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-347.NASL
    descriptionThis update for wireshark fixes the following issues : Minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (boo#1088200) : - CVE-2018-9264: ADB dissector crash - CVE-2018-9260: IEEE 802.15.4 dissector crash - CVE-2018-9261: NBAP dissector crash - CVE-2018-9262: VLAN dissector crash - CVE-2018-9256: LWAPP dissector crash - CVE-2018-9263: Kerberos dissector crash - CVE-2018-9259: MP4 dissector crash - Memory leaks in multiple dissectors: CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274 This update also contains all upstream bug fixes and updated protocol support as listed in : https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html
    last seen2020-06-05
    modified2018-04-10
    plugin id108937
    published2018-04-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108937
    titleopenSUSE Security Update : wireshark (openSUSE-2018-347)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0980-1.NASL
    descriptionThis update for wireshark fixes the following issues : - Update to wireshark 2.2.14, fix such issues : - bsc#1088200 VUL-0: wireshark: multiple vulnerabilities fixed in 2.2.14, 2.4.6 - CVE-2018-9256: LWAPP dissector crash - CVE-2018-9260: IEEE 802.15.4 dissector crash - CVE-2018-9261: NBAP dissector crash - CVE-2018-9262: VLAN dissector crash - CVE-2018-9263: Kerberos dissector crash - CVE-2018-9264: ADB dissector crash - CVE-2018-9265: tn3270 dissector has a memory leak - CVE-2018-9266: ISUP dissector memory leak - CVE-2018-9267: LAPD dissector memory leak - CVE-2018-9268: SMB2 dissector memory leak - CVE-2018-9269: GIOP dissector memory leak - CVE-2018-9270: OIDS dissector memory leak - CVE-2018-9271: multipart dissector memory leak - CVE-2018-9272: h223 dissector memory leak - CVE-2018-9273: pcp dissector memory leak - CVE-2018-9274: failure message memory leak - CVE-2018-9259: MP4 dissector crash Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109197
    published2018-04-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109197
    titleSUSE SLES11 Security Update : wireshark (SUSE-SU-2018:0980-1)
  • NASL familyWindows
    NASL idWIRESHARK_2_4_6.NASL
    descriptionThe version of Wireshark installed on the remote Windows host is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id108885
    published2018-04-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108885
    titleWireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities

References