Out-of-bounds Read Affecting wireshark package, versions [2.4.0,2.4.8)[2.6.0,2.6.2)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.16% (55th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-WIRESHARK-2318445
  • published14 Dec 2021
  • disclosed19 Jul 2018
  • creditUnknown

Introduced: 19 Jul 2018

CVE-2018-14370  (opens in a new tab)
CWE-125  (opens in a new tab)

How to fix?

Upgrade wireshark to version 2.4.8, 2.6.2 or higher.

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.

References

CVSS Scores

version 3.1