CVE-2018-7321

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://github.com/wireshark/wireshark
Events: Introduced

5368c50be46d4a44986d12bdfc0a35b42c0f34fc

Last affected

1fd0af7a9015714bbe0f67b3a2027af6fe47c1c0

Introduced

9be0fa500da594ed01baf3214642838d22811c90

Last affected

90a7be11a4fdc292f2af40cd49ad7e1bce335dfc

Affected versions

2.*

2.2.1rc0

v2.*

v2.2.0

v2.2.1

v2.2.10

v2.2.10rc0

v2.2.11

v2.2.11rc0

v2.2.12

v2.2.12rc0

v2.2.1rc0

v2.2.2

v2.2.2rc0

v2.2.3

v2.2.3rc0

v2.2.4

v2.2.4rc0

v2.2.5

v2.2.5rc0

v2.2.6

v2.2.6rc0

v2.2.7

v2.2.7rc0

v2.2.8

v2.2.8rc0

v2.2.9

v2.2.9rc0

v2.4.0

v2.4.1

v2.4.1rc0

v2.4.2

v2.4.2rc0

v2.4.3

v2.4.3rc0

v2.4.4

v2.4.4rc0

wireshark-2.*

wireshark-2.2.0

wireshark-2.2.1

wireshark-2.2.10

wireshark-2.2.11

wireshark-2.2.12

wireshark-2.2.2

wireshark-2.2.3

wireshark-2.2.4

wireshark-2.2.5

wireshark-2.2.6

wireshark-2.2.7

wireshark-2.2.8

wireshark-2.2.9

wireshark-2.4.0

wireshark-2.4.1

wireshark-2.4.2

wireshark-2.4.3

wireshark-2.4.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7321.json"