CVE-2018-11359 : Exploit Details and Defense Strategies

Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 were found to have a vulnerability in the RRC dissector and other dissectors that could lead to crashes. The issue was addressed by implementing preventive measures in the epan/proto.c file.

Understanding CVE-2018-11359

This CVE entry identifies a vulnerability in Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 that could result in crashes due to a NULL pointer dereference.

What is CVE-2018-11359?

Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 were susceptible to a vulnerability in the RRC dissector and other dissectors, potentially leading to crashes.

The Impact of CVE-2018-11359

The vulnerability could allow attackers to cause a denial of service (DoS) by crashing the Wireshark application, impacting system availability and potentially leading to information disclosure.

Technical Details of CVE-2018-11359

Wireshark versions 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14 were affected by the following:

Vulnerability Description

The vulnerability in Wireshark versions could result in crashes due to a NULL pointer dereference in the RRC dissector and other dissectors.

Affected Systems and Versions

Wireshark 2.6.0
Wireshark 2.4.0 to 2.4.6
Wireshark 2.2.0 to 2.2.14

Exploitation Mechanism

Attackers could exploit this vulnerability by crafting malicious network packets to trigger the NULL pointer dereference, leading to application crashes.

Mitigation and Prevention

To address CVE-2018-11359, consider the following steps:

Immediate Steps to Take

Update Wireshark to the latest patched version.
Avoid opening suspicious or untrusted capture files.

Long-Term Security Practices

Regularly update Wireshark and other software to patch known vulnerabilities.
Implement network segmentation to limit the impact of potential attacks.

Patching and Updates

Ensure timely installation of security updates and patches provided by Wireshark to mitigate the vulnerability.