CVE-2018-11356 Explained : Impact and Mitigation

Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 were vulnerable to a crash in the DNS dissector due to a NULL pointer dereference. The issue was resolved by modifying the code to handle empty names in SRV records.

Understanding CVE-2018-11356

This CVE entry addresses a vulnerability in Wireshark versions that could lead to a crash in the DNS dissector.

What is CVE-2018-11356?

The vulnerability in Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 allowed for a crash in the DNS dissector due to a NULL pointer dereference when encountering an empty name in an SRV record.

The Impact of CVE-2018-11356

The vulnerability could be exploited by an attacker to cause a denial of service by crashing the Wireshark application during DNS analysis.

Technical Details of CVE-2018-11356

Wireshark vulnerability details and affected systems.

Vulnerability Description

Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 were susceptible to a crash in the DNS dissector due to a NULL pointer dereference.

Affected Systems and Versions

Wireshark 2.6.0
Wireshark 2.4.0 to 2.4.6
Wireshark 2.2.0 to 2.2.14

Exploitation Mechanism

Attackers could exploit this vulnerability by crafting malicious DNS packets to trigger a crash in the Wireshark application.

Mitigation and Prevention

Steps to mitigate and prevent the CVE-2018-11356 vulnerability.

Immediate Steps to Take

Update Wireshark to the latest version to apply the necessary patches.
Avoid opening suspicious or untrusted capture files.

Long-Term Security Practices

Regularly update Wireshark and other software to address known vulnerabilities.
Implement network segmentation to limit the impact of potential attacks.

Patching and Updates

Check for updates and security advisories from Wireshark's official sources.
Apply patches promptly to ensure the security of the Wireshark installation.