CVE Vulnerabilities

CVE-2018-11356

NULL Pointer Dereference

Published: May 22, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.9 MODERATE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Wireshark Wireshark 2.2.0 (including) 2.2.14 (including)
Wireshark Wireshark 2.4.0 (including) 2.4.6 (including)
Wireshark Wireshark 2.6.0 (including) 2.6.0 (including)
Wireshark Ubuntu artful *
Wireshark Ubuntu bionic *
Wireshark Ubuntu trusty *
Wireshark Ubuntu xenial *

Potential Mitigations

References