CVE-2018-6836

{"id": "CVE-2018-6836", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-02-08T07:29:01.197", "references": [{"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://code.wireshark.org/review/#/c/25660/", "tags": ["Issue Tracking", "Patch"], "source": "cve@mitre.org"}, {"url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef", "source": "cve@mitre.org"}, {"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.wireshark.org/review/#/c/25660/", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.wireshark.org/review/#/c/25660/2/wiretap/netmon.c", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=28960d79cca262ac6b974f339697b299a1e28fef", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-763"}]}], "descriptions": [{"lang": "en", "value": "The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."}, {"lang": "es", "value": "La funci\u00f3n netmonrec_comment_destroy en wiretap/netmon.c en Wireshark, hasta la versi\u00f3n 2.4.4, realiza una operaci\u00f3n de liberaci\u00f3n en una direcci\u00f3n de memoria no inicializada, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) u otro tipo de impacto sin especificar."}], "lastModified": "2024-11-21T04:11:16.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE0E1775-EE18-4D6A-B04E-42DE748545F5", "versionEndIncluding": "2.4.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}