Learn about CVE-2018-11358 affecting Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14. Discover the impact, technical details, and mitigation steps for this vulnerability.
Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 had a crash issue in the Q.931 dissector, which has been resolved. The problem stemmed from a use-after-free scenario caused by a malformed packet.
Understanding CVE-2018-11358
This CVE entry addresses a vulnerability in Wireshark that could lead to a crash due to a specific issue in the Q.931 dissector.
What is CVE-2018-11358?
The vulnerability in Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 allowed for a crash to occur in the Q.931 dissector.
The Impact of CVE-2018-11358
The vulnerability could be exploited by an attacker to cause a denial of service (DoS) by crashing the Wireshark application.
Technical Details of CVE-2018-11358
Wireshark's vulnerability is detailed below:
Vulnerability Description
The issue in Wireshark was located in the epan/dissectors/packet-q931.c file, where a use-after-free scenario was triggered by a malformed packet, resulting in a crash.
Affected Systems and Versions
Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 were affected by this vulnerability.
Exploitation Mechanism
Exploiting this vulnerability required a specially crafted malformed packet that triggers the use-after-free scenario and crashes the application.
Mitigation and Prevention
To address CVE-2018-11358, the following steps are recommended:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure that Wireshark is regularly updated to the latest version to mitigate the risk of exploitation.
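To find which installations still need the update, the affected ranges listed above can be checked against collected version strings. The following is an added example, not code from the Wireshark project or the original page; the host names and version strings in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges as stated on this page: (major, minor) -> (lowest, highest) patch level.
AFFECTED = {
    (2, 6): (0, 0),
    (2, 4): (0, 6),
    (2, 2): (0, 14),
}

# First x.y.z triple in the text. The lookarounds reject triples embedded in
# longer dotted numbers (IP addresses, four-part versions).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\d|\.\d)")


def parse_version(text):
    """Return (major, minor, patch) from tshark or package version text, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(text):
    """True or False for a readable version, None when no version can be parsed."""
    v = parse_version(text)
    if v is None:
        return None
    rng = AFFECTED.get(v[:2])
    return rng is not None and rng[0] <= v[2] <= rng[1]


def triage(inventory):
    """Map host -> 'affected' | 'not listed' | 'unknown' for (host, version_text) pairs."""
    labels = {True: "affected", False: "not listed", None: "unknown"}
    return {host: labels[is_affected(text)] for host, text in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("analyst-01", "TShark (Wireshark) 2.6.0 (v2.6.0)"),
    ("analyst-02", "wireshark 2.4.5-1"),
    ("sensor-03", "2.2.14"),
    ("sensor-04", "2.4.7"),
    ("lab-05", "version string missing"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

"Not listed" only means the version falls outside the ranges this page names. Distribution packages can carry backported fixes under an unchanged upstream version number, so confirm an "affected" result against the vendor's package changelog.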