Oracle Linux: CVE-2018-11362: ELSA-2020-1047: wireshark security and bug fix update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Apr 24, 2018 | Oct 5, 2022 | Dec 3, 2025 |
Description
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
A heap-based buffer overflow was found in the Wireshark module responsible for analyzing the LDSS protocol. An attacker could create a malicious LDSS message to cause a remote denial of service, crashing the application.
Solutions
- oracle-linux-upgrade-wireshark
- oracle-linux-upgrade-wireshark-devel
- oracle-linux-upgrade-wireshark-gnome