CVE-2018-14438

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
20/07/2018
Last modified:
17/09/2018

Description

In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* 2.6.2 (including)