In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. Upstream issue: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132 Upstream patch: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f External References: https://www.wireshark.org/security/wnpa-sec-2018-53.html
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1655944]
This issue affects wireshark since version 1.11.3 where dissector for Latency Busters Messaging was introduced.
Statement: This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include LBMPDM dissector where the vulnerability occurred.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-19623