{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-08T00:00:00", "descriptions": [{"lang": "en", "value": "The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-08T06:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c"}, {"tags": ["x_refsource_MISC"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397"}, {"tags": ["x_refsource_MISC"], "url": "https://code.wireshark.org/review/#/c/25660/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6836", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c", "refsource": "MISC", "url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28960d79cca262ac6b974f339697b299a1e28fef", "refsource": "MISC", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28960d79cca262ac6b974f339697b299a1e28fef"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397", "refsource": "MISC", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397"}, {"name": "https://code.wireshark.org/review/#/c/25660/", "refsource": "MISC", "url": "https://code.wireshark.org/review/#/c/25660/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:17:15.852Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://code.wireshark.org/review/#/c/25660/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6836", "datePublished": "2018-02-08T07:00:00", "dateReserved": "2018-02-07T00:00:00", "dateUpdated": "2024-08-05T06:17:15.852Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE0E1775-EE18-4D6A-B04E-42DE748545F5", "versionEndIncluding": "2.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."}, {"lang": "es", "value": "La funci\u00f3n netmonrec_comment_destroy en wiretap/netmon.c en Wireshark, hasta la versi\u00f3n 2.4.4, realiza una operaci\u00f3n de liberaci\u00f3n en una direcci\u00f3n de memoria no inicializada, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) u otro tipo de impacto sin especificar."}], "id": "CVE-2018-6836", "lastModified": "2024-11-21T04:11:16.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-08T07:29:01.197", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://code.wireshark.org/review/#/c/25660/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://code.wireshark.org/review/#/c/25660/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-763"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: free operation on an uninitialized memory address in wiretap/netmon.c", "id": "1543582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543582"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-119", "details": ["The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."], "name": "CVE-2018-6836", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-02-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-6836\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6836"], "threat_severity": "Low"}