CVE-2018-11358

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://github.com/wireshark/wireshark
Events: Introduced

5368c50be46d4a44986d12bdfc0a35b42c0f34fc

Last affected

9c7f2bad2cb92655371dabe5b3c3cc3070dfe4cc

Last affected

c7239f0201292253817c7c4c9a394a47113ca55c

Introduced

9be0fa500da594ed01baf3214642838d22811c90

Last affected

e2f395aa12bfb9572bc509145234ee0d31ad82f2

Affected versions

2.*

2.2.1rc0

v2.*

v2.2.0

v2.2.1

v2.2.10

v2.2.10rc0

v2.2.11

v2.2.11rc0

v2.2.12

v2.2.12rc0

v2.2.13

v2.2.13rc0

v2.2.14

v2.2.14rc0

v2.2.1rc0

v2.2.2

v2.2.2rc0

v2.2.3

v2.2.3rc0

v2.2.4

v2.2.4rc0

v2.2.5

v2.2.5rc0

v2.2.6

v2.2.6rc0

v2.2.7

v2.2.7rc0

v2.2.8

v2.2.8rc0

v2.2.9

v2.2.9rc0

v2.4.0

v2.4.1

v2.4.1rc0

v2.4.2

v2.4.2rc0

v2.4.3

v2.4.3rc0

v2.4.4

v2.4.4rc0

v2.4.5

v2.4.5rc0

v2.4.6

v2.4.6rc0

wireshark-2.*

wireshark-2.2.0

wireshark-2.2.1

wireshark-2.2.10

wireshark-2.2.11

wireshark-2.2.12

wireshark-2.2.13

wireshark-2.2.14

wireshark-2.2.2

wireshark-2.2.3

wireshark-2.2.4

wireshark-2.2.5

wireshark-2.2.6

wireshark-2.2.7

wireshark-2.2.8

wireshark-2.2.9

wireshark-2.4.0

wireshark-2.4.1

wireshark-2.4.2

wireshark-2.4.3

wireshark-2.4.4

wireshark-2.4.5

wireshark-2.4.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11358.json"