CVE-2018-11356

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	2.2.0 (including)	2.2.14 (including)
Wireshark	Wireshark	2.4.0 (including)	2.4.6 (including)
Wireshark	Wireshark	2.6.0 (including)	2.6.0 (including)
Wireshark	Ubuntu	artful	*
Wireshark	Ubuntu	bionic	*
Wireshark	Ubuntu	trusty	*
Wireshark	Ubuntu	xenial	*

Potential Mitigations

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
http://www.securityfocus.com/bid/104308
http://www.securitytracker.com/id/1041036
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4425716ddba99374749bd033d9bc0f4add2fb973
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
https://www.wireshark.org/security/wnpa-sec-2018-29.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
http://www.securityfocus.com/bid/104308
http://www.securitytracker.com/id/1041036
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4425716ddba99374749bd033d9bc0f4add2fb973
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
https://www.wireshark.org/security/wnpa-sec-2018-29.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-11356
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References