CVE Vulnerabilities

CVE-2018-14367

Unchecked Return Value

Published: Jul 19, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.9 MODERATE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.

Weakness

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Affected Software

Name Vendor Start Version End Version
Wireshark Wireshark 2.4.0 (including) 2.4.7 (including)
Wireshark Wireshark 2.6.0 (including) 2.6.1 (including)
Wireshark Ubuntu artful *
Wireshark Ubuntu bionic *
Wireshark Ubuntu trusty *
Wireshark Ubuntu xenial *

Potential Mitigations

References