CVE-2018-6836 - OpenCVE

The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wireshark	Wireshark

Configuration 1 [-]

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397	Exploit Issue Tracking Third Party Advisory
https://code.wireshark.org/review/#/c/25660/	Issue Tracking Patch
https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c	Patch
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-08T07:00:00

Updated: 2018-02-08T06:57:01

Reserved: 2018-02-07T00:00:00

Link: CVE-2018-6836

JSON object: View

NVD Information

Status : Modified

Published: 2018-02-08T07:29:01.197

Modified: 2023-11-07T03:00:35.130

Link: CVE-2018-6836

JSON object: View

Redhat Information

No data.

CWE

CWE-763

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-08T00:00:00", "descriptions": [{"lang": "en", "value": "The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-08T06:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c"}, {"tags": ["x_refsource_MISC"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397"}, {"tags": ["x_refsource_MISC"], "url": "https://code.wireshark.org/review/#/c/25660/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6836", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c", "refsource": "MISC", "url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28960d79cca262ac6b974f339697b299a1e28fef", "refsource": "MISC", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28960d79cca262ac6b974f339697b299a1e28fef"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397", "refsource": "MISC", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397"}, {"name": "https://code.wireshark.org/review/#/c/25660/", "refsource": "MISC", "url": "https://code.wireshark.org/review/#/c/25660/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6836", "datePublished": "2018-02-08T07:00:00", "dateReserved": "2018-02-07T00:00:00", "dateUpdated": "2018-02-08T06:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE0E1775-EE18-4D6A-B04E-42DE748545F5", "versionEndIncluding": "2.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."}, {"lang": "es", "value": "La funci\u00f3n netmonrec_comment_destroy en wiretap/netmon.c en Wireshark, hasta la versi\u00f3n 2.4.4, realiza una operaci\u00f3n de liberaci\u00f3n en una direcci\u00f3n de memoria no inicializada, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) u otro tipo de impacto sin especificar."}], "id": "CVE-2018-6836", "lastModified": "2023-11-07T03:00:35.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-08T07:29:01.197", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://code.wireshark.org/review/#/c/25660/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-763"}], "source": "nvd@nist.gov", "type": "Primary"}]}