In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. Upstream issue: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130 Upstream patch: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c5a65115ebab55cfd5ce0a855c2256e01cab6449 External References: https://www.wireshark.org/security/wnpa-sec-2018-52.html
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1655944]
According to upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130#c8 This issue affects also older versions since commit: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ea0baf468e778706c40e2fb0337fc65cd3e27ea5 when packet-dcom.c was introduced. The problem seems to be that dissect_dcom_BSTR() can end before calling dcom_tvb_get_nwstringz0() where szStr is initialized, leaving it uninitialized. But such possibility was only introduced by commit: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0c7eb4a4f4d351aa99adefb798eec90293aac131 (which means since wireshark 2.1.0)
Statement: This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5, 6 and 7.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-19626