| Errata ID | 413 |
|---|---|
| Date | 2018-05-08 |
| Source package | wireshark |
| Fixed in version | 1.12.1+g01b65bf-4+deb8u13 |
| Description | This update addresses the following issues: * The AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. (CVE-2017-11408) * The NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (CVE-2017-17083) * The IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (CVE-2017-17084) * The CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (CVE-2017-17085) * The IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. (CVE-2018-5334) * The WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. (CVE-2018-5335) * The JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. (CVE-2018-5336) |
| Additional notes | |
| CVE ID | CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 |
| UCS Bug number | #46164 |
