Learn about CVE-2018-7420 affecting Wireshark versions 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4. Discover the impact, technical details, and mitigation steps for this vulnerability.
Wireshark versions 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4 contained a vulnerability in the pcapng file parser that could lead to a crash. The issue was addressed by adding a block-size check for sysdig event blocks.
Understanding CVE-2018-7420
This CVE entry pertains to a specific vulnerability found in Wireshark versions 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4.
What is CVE-2018-7420?
In Wireshark versions 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, a flaw in the pcapng file parser could trigger a crash. The vulnerability was mitigated by introducing a block-size check for sysdig event blocks.
The Impact of CVE-2018-7420
The vulnerability could crash Wireshark while it processes a pcapng file, affecting the stability and reliability of the network analysis tool.
Technical Details of CVE-2018-7420
This section delves into the technical aspects of the CVE entry.
Vulnerability Description
The issue resided in the pcapng file parser of Wireshark versions 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, which lacked a block-size check for sysdig event blocks, so a malformed file could crash the application.
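The kind of block-size check described above, as an added example (this is not Wireshark's code). It assumes the pcapng layout of a 12-byte minimum block, block type 0x00000204 for sysdig event blocks with a 24-byte fixed header, and a little-endian section; all identifiers and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed pcapng layout constants; every name in this block is hypothetical. */
#define MIN_BLOCK_LEN     12u          /* type + total length + trailing total length */
#define BLOCK_TYPE_SYSDIG 0x00000204u  /* sysdig event block type */
#define SYSDIG_HDR_LEN    24u          /* cpu id 2, timestamp 8, thread id 8, event len 4, event type 2 */

enum block_status { BLOCK_OK, BLOCK_TRUNCATED, BLOCK_TOO_SMALL, BLOCK_LEN_MISMATCH };

/* Read a 32-bit little-endian value (assumption: little-endian section). */
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the block at buf[0..avail) before any body field is parsed.
 * On BLOCK_OK, *total is the block length to advance by. */
enum block_status check_block(const uint8_t *buf, size_t avail, uint32_t *total)
{
    if (avail < MIN_BLOCK_LEN)
        return BLOCK_TRUNCATED;
    uint32_t len = rd32le(buf + 4);
    uint32_t min = MIN_BLOCK_LEN;
    if (rd32le(buf) == BLOCK_TYPE_SYSDIG)
        min += SYSDIG_HDR_LEN;            /* per-type minimum: fixed header must fit */
    if (len < min)
        return BLOCK_TOO_SMALL;
    if (len > avail)
        return BLOCK_TRUNCATED;
    if (rd32le(buf + len - 4) != len)
        return BLOCK_LEN_MISMATCH;
    *total = len;
    return BLOCK_OK;
}

/* Constructed samples: a 36-byte sysdig block with a zeroed header, and a
 * 12-byte sysdig block whose declared size leaves no room for that header. */
static const uint8_t sample_ok[36]    = { 0x04, 0x02, 0, 0, 0x24, 0, 0, 0, [32] = 0x24 };
static const uint8_t sample_short[12] = { 0x04, 0x02, 0, 0, 0x0c, 0, 0, 0, 0x0c, 0, 0, 0 };

int main(void)
{
    uint32_t total = 0;
    printf("well-formed: %d\n", check_block(sample_ok, sizeof sample_ok, &total));
    printf("undersized:  %d\n", check_block(sample_short, sizeof sample_short, &total));
    return 0;
}
```

The point of the ordering is that the declared length is compared against the per-type minimum before the parser reads any field of the sysdig header.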
Affected Systems and Versions
Exploitation Mechanism
Exploiting this vulnerability involved crafting a malicious pcapng file to trigger the crash in the Wireshark application.
Mitigation and Prevention
To address and prevent the CVE-2018-7420 vulnerability, consider the following steps:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure timely installation of security updates and patches provided by Wireshark to mitigate the vulnerability effectively.