CVE Vulnerabilities

CVE-2018-16056

Published: Aug 30, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.9 MODERATE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.

Affected Software

Name Vendor Start Version End Version
Wireshark Wireshark 2.2.0 (including) 2.2.16 (including)
Wireshark Wireshark 2.4.0 (including) 2.4.8 (including)
Wireshark Wireshark 2.6.0 (including) 2.6.2 (including)
Wireshark Ubuntu bionic *
Wireshark Ubuntu esm-apps/bionic *
Wireshark Ubuntu esm-apps/xenial *
Wireshark Ubuntu trusty *
Wireshark Ubuntu xenial *

References