Errata ALT-PU-2017-1698-1: Information
Fixes
Published: Aug. 31, 2012
Modified: Sept. 19, 2017
CVE-2012-3548
The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.
Severity: MEDIUM (4.3)
Published: Oct. 4, 2012
Modified: Sept. 19, 2017
CVE-2012-5237
The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: LOW (3.3)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-hsrp.c?r1=44454&r2=44453&pathrev=44454
- http://www.wireshark.org/security/wnpa-sec-2012-26.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7581
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=44454
- 85884
- 1027604
- 55754
- wireshark-hsrp-dos(79009)
- oval:org.mitre.oval:def:14992
Published: Oct. 4, 2012
Modified: Sept. 19, 2017
CVE-2012-5238
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.
Severity: LOW (3.3)
Links:
- http://www.wireshark.org/security/wnpa-sec-2012-27.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316
- 85883
- 1027604
- 55754
- wireshark-ppp-dissector-dos(79010)
- oval:org.mitre.oval:def:15593
Published: Oct. 4, 2012
Modified: Sept. 19, 2017
CVE-2012-5240
Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.
Severity: MEDIUM (5.8)
Links:
- http://www.wireshark.org/security/wnpa-sec-2012-29.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ldp.c?r1=44801&r2=44800&pathrev=44801
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7046
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7567
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=44801
- 1027604
- 55754
- oval:org.mitre.oval:def:15691
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6052
Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files.
Severity: MEDIUM (5.0)
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6053
epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field.
Severity: MEDIUM (5.0)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7787
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-usb.c?r1=45310&r2=45309&pathrev=45310
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45310
- http://www.wireshark.org/security/wnpa-sec-2012-31.html
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- oval:org.mitre.oval:def:15915
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6054
The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/security/wnpa-sec-2012-32.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7789
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45324
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sflow.c?r1=45324&r2=45323&pathrev=45324
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- oval:org.mitre.oval:def:15764
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6055
epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/security/wnpa-sec-2012-39.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45337
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7801
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-3g-a11.c?r1=45337&r2=45336&pathrev=45337
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- oval:org.mitre.oval:def:16044
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6056
Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45355
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sctp.c?r1=45355&r2=45354&pathrev=45355
- http://www.wireshark.org/security/wnpa-sec-2012-33.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7802
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- RHSA-2014:0341
- oval:org.mitre.oval:def:16139
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6057
The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408
- http://www.wireshark.org/security/wnpa-sec-2012-34.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- oval:org.mitre.oval:def:15883
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6058
Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/security/wnpa-sec-2012-40.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7844
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-icmpv6.c?r1=45459&r2=45458&pathrev=45459
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45459
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- oval:org.mitre.oval:def:16075
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6059
The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7855
- http://www.wireshark.org/security/wnpa-sec-2012-35.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-isakmp.c?r1=45510&r2=45509&pathrev=45510
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45510
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- oval:org.mitre.oval:def:15239
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6060
Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45524
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-iscsi.c?r1=45524&r2=45523&pathrev=45524
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7858
- http://www.wireshark.org/security/wnpa-sec-2012-36.html
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- RHSA-2014:0341
- oval:org.mitre.oval:def:16038
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6061
The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45614
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7869
- http://www.wireshark.org/security/wnpa-sec-2012-37.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-wtp.c?r1=45614&r2=45613&pathrev=45614
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- RHSA-2014:0341
- oval:org.mitre.oval:def:15253
Published: Dec. 5, 2012
Modified: Sept. 19, 2017
CVE-2012-6062
The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/security/wnpa-sec-2012-38.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7879
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-rtcp.c?r1=45717&r2=45716&pathrev=45717
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45717
- openSUSE-SU-2013:0151
- openSUSE-SU-2012:1633
- RHSA-2014:0341
- oval:org.mitre.oval:def:15894
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1572
The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8036
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-slowprotocols.c?r1=46336&r2=46335&pathrev=46336
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46336
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16423
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1573
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8037
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-csn1.c?r1=46335&r2=46334&pathrev=46335
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46335
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16016
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1574
The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-bthci_cmd.c?r1=46345&r2=46344&pathrev=46345
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46345
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8038
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16323
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1575
The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-assa_r3.c?r1=46415&r2=46414&pathrev=46415
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8040
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46415
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16291
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1576
The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8041
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46344
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sdp.c?r1=46344&r2=46343&pathrev=46344
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16450
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1577
The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46340
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8042
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=46340&r2=46339&pathrev=46340
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16253
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1578
The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46420
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8043
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-pw-eth.c?r1=46420&r2=46419&pathrev=46420
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16205
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1579
The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47046
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8198
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-rtps.c?r1=47046&r2=47045&pathrev=47046
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16230
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1580
The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47045
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8199
- http://anonsvn.wireshark.org/viewvc/trunk/plugins/docsis/packet-cmstatus.c?r1=47045&r2=47044&pathrev=47045
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:15509
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1581
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=47123&r2=47122&pathrev=47123
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47123
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8222
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16370
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1582
The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-clnp.c?r1=45646&r2=45645&pathrev=45646
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7871
- http://www.wireshark.org/security/wnpa-sec-2013-02.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45646
- DSA-2625
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16426
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1583
The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46577
- http://www.wireshark.org/security/wnpa-sec-2013-03.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dtn.c?r1=46577&r2=46576&pathrev=46577
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16304
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1584
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dtn.c?r1=46579&r2=46578&pathrev=46579
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579
- http://www.wireshark.org/security/wnpa-sec-2013-03.html
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16092
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1585
epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-04.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/tvbuff.c?r1=46705&r2=46704&pathrev=46705
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46705
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:15801
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1586
The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46999
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8111
- http://www.wireshark.org/security/wnpa-sec-2013-05.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/reassemble.c?r1=46999&r2=46998&pathrev=46999
- DSA-2625
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16048
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1587
The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-06.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=44700
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7679
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-rohc.c?r1=44700&r2=44699&pathrev=44700
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16462
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1588
Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-07.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=47098&r2=47097&pathrev=47098
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47098
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213
- DSA-2625
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16402
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1589
Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (2.9)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/proto.c?r1=47114&r2=47113&pathrev=47114
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47114
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197
- http://www.wireshark.org/security/wnpa-sec-2013-08.html
- openSUSE-SU-2013:0285
- openSUSE-SU-2013:0276
- oval:org.mitre.oval:def:16319
Published: Feb. 3, 2013
Modified: Sept. 19, 2017
CVE-2013-1590
Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (2.9)
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2475
The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (3.3)
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2476
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.
Severity: MEDIUM (6.1)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47778
- http://www.wireshark.org/security/wnpa-sec-2013-11.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360
- http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-hartip.c?r1=47778&r2=47777&pathrev=47778
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- 52471
- oval:org.mitre.oval:def:15838
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2477
The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (3.3)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8383
- http://www.wireshark.org/security/wnpa-sec-2013-12.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47888
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- 52471
- oval:org.mitre.oval:def:16589
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2478
The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.
Severity: LOW (3.3)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-ms-mms.c?r1=47981&r2=47980&pathrev=47981
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47981
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- http://www.wireshark.org/security/wnpa-sec-2013-13.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- DSA-2644
- 52471
- oval:org.mitre.oval:def:16447
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2479
The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.
Severity: LOW (3.3)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-14.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mpls-echo.c?r1=46391&r2=46390&pathrev=46391
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46391
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8039
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- 52471
- oval:org.mitre.oval:def:16376
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2480
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (3.3)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- http://www.wireshark.org/security/wnpa-sec-2013-15.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- DSA-2644
- 52471
- oval:org.mitre.oval:def:16630
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2481
Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.
Severity: LOW (2.9)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mount.c?r1=47672&r2=47671&pathrev=47672
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
- http://www.wireshark.org/security/wnpa-sec-2013-16.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47672
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- DSA-2644
- 52471
- oval:org.mitre.oval:def:16420
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2482
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: MEDIUM (6.1)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-17.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- 52471
- oval:org.mitre.oval:def:16677
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2483
The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.
Severity: LOW (3.3)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-acn.c?r1=47692&r2=47691&pathrev=47692
- http://www.wireshark.org/security/wnpa-sec-2013-18.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8340
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47692
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- DSA-2644
- 52471
- oval:org.mitre.oval:def:16411
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2484
The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: LOW (3.3)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- http://www.wireshark.org/security/wnpa-sec-2013-19.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- DSA-2644
- 52471
- oval:org.mitre.oval:def:16469
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2485
The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Severity: MEDIUM (6.1)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8359
- http://www.wireshark.org/security/wnpa-sec-2013-20.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- 52471
- oval:org.mitre.oval:def:16529
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2486
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.
Severity: MEDIUM (6.1)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805
- http://www.wireshark.org/security/wnpa-sec-2013-21.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- openSUSE-SU-2013:0947
- openSUSE-SU-2013:0911
- 52471
- 53425
- oval:org.mitre.oval:def:16109
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2487
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486.
Severity: HIGH (7.8)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47808&r2=47807&pathrev=47808
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- http://www.wireshark.org/security/wnpa-sec-2013-21.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=47808
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- openSUSE-SU-2013:0947
- openSUSE-SU-2013:0911
- 52471
- 53425
- oval:org.mitre.oval:def:16593
Published: March 7, 2013
Modified: Oct. 30, 2018
CVE-2013-2488
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48011
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
- http://www.wireshark.org/security/wnpa-sec-2013-22.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
- openSUSE-SU-2013:0506
- openSUSE-SU-2013:0494
- DSA-2644
- 52471
- oval:org.mitre.oval:def:16672
Published: May 25, 2013
Modified: Oct. 30, 2018
CVE-2013-3555
epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48393
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8493
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gtpv2.c?r1=48393&r2=48392&pathrev=48393
- http://www.wireshark.org/security/wnpa-sec-2013-24.html
- DSA-2700
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- openSUSE-SU-2013:0947
- openSUSE-SU-2013:0911
- GLSA-201308-05
- 54425
- 53425
- oval:org.mitre.oval:def:16779
Published: May 25, 2013
Modified: Oct. 30, 2018
CVE-2013-3556
The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-25.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48943
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599
- http://anonsvn.wireshark.org/viewvc/trunk/epan/reassemble.c?r1=48943&r2=48942&pathrev=48943
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- openSUSE-SU-2013:0947
- openSUSE-SU-2013:0911
- GLSA-201308-05
- 54425
- https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
- 53425
Published: May 25, 2013
Modified: Oct. 30, 2018
CVE-2013-3557
The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48944
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599
- http://www.wireshark.org/security/wnpa-sec-2013-25.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ber.c?r1=48944&r2=48943&pathrev=48944
- DSA-2700
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- openSUSE-SU-2013:0947
- openSUSE-SU-2013:0911
- MDVSA-2013:172
- RHSA-2014:0341
- https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
- 53425
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:16521
Published: May 25, 2013
Modified: Oct. 30, 2018
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-26.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49214
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8638
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=49214&r2=49213&pathrev=49214
- DSA-2700
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- openSUSE-SU-2013:0947
- openSUSE-SU-2013:0911
- GLSA-201308-05
- 54425
- 53425
- oval:org.mitre.oval:def:16417
Published: May 25, 2013
Modified: Oct. 30, 2018
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48644
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8540
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8231
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8541
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=48644&r2=48643&pathrev=48644
- http://www.wireshark.org/security/wnpa-sec-2013-27.html
- DSA-2700
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- openSUSE-SU-2013:0947
- openSUSE-SU-2013:0911
- RHSA-2014:0341
- 53425
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:16228
Published: May 25, 2013
Modified: Oct. 30, 2018
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8481
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mpeg-dsmcc.c?r1=48332&r2=48331&pathrev=48332
- http://www.wireshark.org/security/wnpa-sec-2013-28.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48332
- DSA-2700
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- openSUSE-SU-2013:0947
- openSUSE-SU-2013:0911
- GLSA-201308-05
- 54425
- 53425
- oval:org.mitre.oval:def:16751
Published: May 25, 2013
Modified: Oct. 30, 2018
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
Severity: HIGH (7.8)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336
- http://www.wireshark.org/security/wnpa-sec-2013-30.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464
- http://www.wireshark.org/security/wnpa-sec-2013-31.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894
- http://www.wireshark.org/security/wnpa-sec-2013-29.html
- openSUSE-SU-2013:1084
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:0947
- openSUSE-SU-2013:0911
- 53425
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:16755
Published: May 25, 2013
Modified: Oct. 30, 2018
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=48419
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499
- http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-websocket.c?r1=48419&r2=48418&pathrev=48419
- http://www.wireshark.org/security/wnpa-sec-2013-29.html
- DSA-2700
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- GLSA-201308-05
- 54425
- 53425
- oval:org.mitre.oval:def:16696
Published: June 10, 2013
Modified: Oct. 30, 2018
CVE-2013-4074
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-capwap.c?r1=43716&r2=43715&pathrev=43716
- http://www.wireshark.org/security/wnpa-sec-2013-32.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=43716
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- DSA-2709
- MDVSA-2013:172
- 33556
- 94091
- 53762
- GLSA-201308-05
- 54425
- http://packetstormsecurity.com/files/126848/Wireshark-CAPWAP-Dissector-Denial-Of-Service.html
- oval:org.mitre.oval:def:16698
Published: June 10, 2013
Modified: Oct. 30, 2018
CVE-2013-4075
epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- http://www.wireshark.org/security/wnpa-sec-2013-33.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- DSA-2709
- GLSA-201308-05
- 54425
- 53762
- oval:org.mitre.oval:def:16859
- RHSA-2017:0631
Published: June 10, 2013
Modified: Oct. 30, 2018
CVE-2013-4076
Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=46128&r2=46127&pathrev=46128
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- http://www.wireshark.org/security/wnpa-sec-2013-34.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8727
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46128
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- DSA-2709
- GLSA-201308-05
- 54425
- 53762
- oval:org.mitre.oval:def:16676
Published: June 10, 2013
Modified: Oct. 30, 2018
CVE-2013-4077
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49418
- http://www.wireshark.org/security/wnpa-sec-2013-35.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8697
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- DSA-2709
- GLSA-201308-05
- 54425
- 53762
- oval:org.mitre.oval:def:16829
Published: June 10, 2013
Modified: Oct. 30, 2018
CVE-2013-4078
epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-36.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45566
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=46158
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- DSA-2709
- 53762
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:16936
Published: June 10, 2013
Modified: Oct. 30, 2018
CVE-2013-4079
The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49686
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8730
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_cbch.c?r1=49686&r2=49685&pathrev=49686
- http://www.wireshark.org/security/wnpa-sec-2013-37.html
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- GLSA-201308-05
- 54425
- 53762
- oval:org.mitre.oval:def:16691
Published: June 10, 2013
Modified: Sept. 19, 2017
CVE-2013-4080
The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-38.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49744
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-assa_r3.c?r1=49744&r2=49743&pathrev=49744
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- GLSA-201308-05
- 54425
- 53762
- 60503
- oval:org.mitre.oval:def:16873
Published: June 10, 2013
Modified: Oct. 30, 2018
CVE-2013-4081
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49623
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
- http://www.wireshark.org/security/wnpa-sec-2013-39.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-http.c?r1=49623&r2=49622&pathrev=49623
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- DSA-2709
- MDVSA-2013:172
- RHSA-2014:0341
- 53762
- GLSA-201308-05
- 54425
- 60505
- oval:org.mitre.oval:def:16820
Published: June 10, 2013
Modified: Oct. 30, 2018
CVE-2013-4082
The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49739
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760
- http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=49739&r2=49738&pathrev=49739
- http://www.wireshark.org/security/wnpa-sec-2013-40.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- DSA-2709
- GLSA-201308-05
- 54425
- 53762
- oval:org.mitre.oval:def:16886
Published: June 10, 2013
Modified: Sept. 19, 2017
CVE-2013-4083
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=49802&r2=49801&pathrev=49802
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
- http://www.wireshark.org/security/wnpa-sec-2013-41.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49802
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717
- openSUSE-SU-2013:1086
- openSUSE-SU-2013:1084
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
- DSA-2709
- MDVSA-2013:172
- RHSA-2014:0341
- 53762
- 54296
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:16375
Published: July 30, 2013
Modified: Sept. 19, 2017
CVE-2013-4927
Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
Severity: HIGH (7.8)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
- https://www.wireshark.org/security/wnpa-sec-2013-45.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8831
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-btsdp.c?r1=50134&r2=50133&pathrev=50134
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=50134
- 54371
- openSUSE-SU-2013:1295
- openSUSE-SU-2013:1300
- RHSA-2014:0341
- 54296
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:17636
Published: July 30, 2013
Modified: Sept. 19, 2017
CVE-2013-4929
The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet.
Severity: HIGH (7.8)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dis-pdus.c?r1=50450&r2=50449&pathrev=50450
- https://www.wireshark.org/security/wnpa-sec-2013-47.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=50450
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8911
- 54371
- openSUSE-SU-2013:1295
- openSUSE-SU-2013:1300
- 54296
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:17028
Published: July 30, 2013
Modified: Sept. 19, 2017
CVE-2013-4930
The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dvbci.c?r1=50474&r2=50473&pathrev=50474
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8916
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
- https://www.wireshark.org/security/wnpa-sec-2013-48.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=50474
- 54371
- DSA-2734
- openSUSE-SU-2013:1295
- openSUSE-SU-2013:1300
- 54178
- 54296
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:16929
Published: July 30, 2013
Modified: Sept. 19, 2017
CVE-2013-4931
epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector.
Severity: MEDIUM (5.0)
Links:
- https://www.wireshark.org/security/wnpa-sec-2013-49.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=50504
- http://anonsvn.wireshark.org/viewvc/trunk/epan/proto.c?r1=50504&r2=50503&pathrev=50504
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8923
- 54371
- openSUSE-SU-2013:1295
- openSUSE-SU-2013:1300
- RHSA-2014:0341
- 54296
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:17325
Published: July 30, 2013
Modified: Sept. 19, 2017
CVE-2013-4932
Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940
- https://www.wireshark.org/security/wnpa-sec-2013-50.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672
- 54371
- DSA-2734
- openSUSE-SU-2013:1295
- openSUSE-SU-2013:1300
- 54178
- RHSA-2014:0341
- 54296
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:17260
Published: July 30, 2013
Modified: Sept. 19, 2017
CVE-2013-4933
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49673
- https://www.wireshark.org/security/wnpa-sec-2013-51.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8742
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
- http://anonsvn.wireshark.org/viewvc/trunk/wiretap/netmon.c?r1=49673&r2=49672&pathrev=49673
- 54371
- DSA-2734
- openSUSE-SU-2013:1295
- openSUSE-SU-2013:1300
- 54178
- RHSA-2014:0341
- 54296
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:17412
Published: July 30, 2013
Modified: Sept. 19, 2017
CVE-2013-4934
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.
Severity: MEDIUM (4.3)
Links:
- https://www.wireshark.org/security/wnpa-sec-2013-51.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8742
- http://anonsvn.wireshark.org/viewvc/trunk/wiretap/netmon.c?r1=49697&r2=49696&pathrev=49697
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49697
- 54371
- DSA-2734
- openSUSE-SU-2013:1295
- openSUSE-SU-2013:1300
- 54178
- RHSA-2014:0341
- 54296
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:17584
Published: July 30, 2013
Modified: Sept. 19, 2017
CVE-2013-4935
The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8722
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-per.c?r1=49985&r2=49984&pathrev=49985
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
- https://www.wireshark.org/security/wnpa-sec-2013-52.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49985
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
- 54371
- DSA-2734
- openSUSE-SU-2013:1295
- openSUSE-SU-2013:1300
- 54178
- RHSA-2014:0341
- 54296
- GLSA-201308-05
- 54425
- oval:org.mitre.oval:def:17417
Published: Sept. 16, 2013
Modified: Oct. 30, 2018
CVE-2013-5718
The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
Published: Sept. 16, 2013
Modified: Oct. 30, 2018
CVE-2013-5719
epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
Published: Sept. 16, 2013
Modified: Oct. 30, 2018
CVE-2013-5720
Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
Published: Sept. 16, 2013
Modified: Oct. 30, 2018
CVE-2013-5721
The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
Published: Sept. 16, 2013
Modified: Oct. 30, 2018
CVE-2013-5722
Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
Published: Nov. 4, 2013
Modified: Sept. 19, 2017
CVE-2013-6336
The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036
- http://www.wireshark.org/security/wnpa-sec-2013-61.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee802154.c?r1=52036&r2=52035&pathrev=52036
- openSUSE-SU-2013:1671
- openSUSE-SU-2013:1675
- DSA-2792
- RHSA-2014:0342
- oval:org.mitre.oval:def:19193
Published: Nov. 4, 2013
Modified: Sept. 19, 2017
CVE-2013-6337
Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
Published: Nov. 4, 2013
Modified: Sept. 19, 2017
CVE-2013-6338
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=52354
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228
- http://www.wireshark.org/security/wnpa-sec-2013-63.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=52354&r2=52353&pathrev=52354
- openSUSE-SU-2013:1671
- openSUSE-SU-2013:1675
- DSA-2792
- RHSA-2014:0342
- oval:org.mitre.oval:def:19145
Published: Nov. 4, 2013
Modified: Sept. 19, 2017
CVE-2013-6339
The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=52458
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52463&r2=52462&pathrev=52463
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52458&r2=52457&pathrev=52458
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9248
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=52463
- http://www.wireshark.org/security/wnpa-sec-2013-64.html
- openSUSE-SU-2013:1671
- openSUSE-SU-2013:1675
- RHSA-2014:0342
- oval:org.mitre.oval:def:19086
Published: Nov. 4, 2013
Modified: Sept. 19, 2017
CVE-2013-6340
epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Severity: MEDIUM (4.3)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263
- http://www.wireshark.org/security/wnpa-sec-2013-65.html
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=52570
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-tcp.c?r1=52570&r2=52569&pathrev=52570
- openSUSE-SU-2013:1671
- openSUSE-SU-2013:1675
- DSA-2792
- RHSA-2014:0342
- oval:org.mitre.oval:def:19298
Published: Dec. 20, 2013
Modified: April 19, 2014
CVE-2013-7112
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Severity: MEDIUM (5.0)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=51738&r2=51737&pathrev=51738
- http://www.wireshark.org/security/wnpa-sec-2013-66.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=51738
- openSUSE-SU-2014:0020
- openSUSE-SU-2014:0013
- openSUSE-SU-2014:0017
- 56285
- 56313
- MDVSA-2013:296
- RHSA-2014:0342
- RHSA-2014:0341
Published: Dec. 20, 2013
Modified: April 19, 2014
CVE-2013-7114
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.
Severity: MEDIUM (5.0)
Links:
- http://www.wireshark.org/security/wnpa-sec-2013-68.html
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ntlmssp.c?r1=53626&r2=53625&pathrev=53626
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=53626
- DSA-2825
- 56052
- openSUSE-SU-2014:0020
- openSUSE-SU-2014:0013
- openSUSE-SU-2014:0017
- 56285
- 56313
- MDVSA-2013:296
- RHSA-2014:0342
Published: March 11, 2014
Modified: Aug. 12, 2015
CVE-2014-2281
The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.
Severity: MEDIUM (4.3)
Links:
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&r2=54874&pathrev=54875
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=54875
- http://www.wireshark.org/security/wnpa-sec-2014-01.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672
- DSA-2871
- openSUSE-SU-2014:0383
- openSUSE-SU-2014:0382
- 57480
- 57489
- RHSA-2014:0342
- RHSA-2014:0341
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10
- 1029907
Published: March 11, 2014
Modified: Nov. 7, 2023
CVE-2014-2283
epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.
Severity: MEDIUM (4.3)
Links:
- http://www.wireshark.org/security/wnpa-sec-2014-03.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802
- DSA-2871
- openSUSE-SU-2014:0383
- openSUSE-SU-2014:0382
- 57480
- 57489
- RHSA-2014:0342
- 1029907
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=217293ba4a0353bf5d657e74fe8623dd3c86fe08
Published: March 11, 2014
Modified: Nov. 7, 2023
CVE-2014-2299
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Severity: CRITICAL (9.3)
Links:
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843
- http://www.wireshark.org/security/wnpa-sec-2014-04.html
- DSA-2871
- openSUSE-SU-2014:0383
- openSUSE-SU-2014:0382
- 57480
- 57489
- RHSA-2014:0342
- RHSA-2014:0341
- 33069
- http://packetstormsecurity.com/files/126337/Wireshark-1.8.12-1.10.5-wiretap-mpeg.c-Stack-Buffer-Overflow.html
- 104199
- 66066
- 1029907
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f567435ac7140c96a5de56dbce3d5e7659af4d09
Published: Nov. 17, 2016
Modified: Nov. 7, 2023
CVE-2016-9372
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 17, 2016
Modified: Nov. 7, 2023
CVE-2016-9373
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 17, 2016
Modified: Nov. 7, 2023
CVE-2016-9374
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 17, 2016
Modified: Nov. 7, 2023
CVE-2016-9375
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 17, 2016
Modified: Nov. 7, 2023
CVE-2016-9376
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 17, 2017
Modified: Oct. 3, 2019
CVE-2017-6014
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 13, 2017
Modified: Nov. 7, 2023
CVE-2017-7700
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://www.wireshark.org/security/wnpa-sec-2017-14.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478
- 97631
- GLSA-201706-12
- 1038262
- [debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=8fc0af859de4993951a915ad735be350221f3f53
Published: April 13, 2017
Modified: Nov. 7, 2023
CVE-2017-7701
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 13, 2017
Modified: Nov. 7, 2023
CVE-2017-7702
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 13, 2017
Modified: Nov. 7, 2023
CVE-2017-7703
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.wireshark.org/security/wnpa-sec-2017-12.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13466
- 97636
- GLSA-201706-12
- 1038262
- [debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=671e32820ab29d41d712cc8a472eab9b672684d9
Published: April 13, 2017
Modified: Nov. 7, 2023
CVE-2017-7704
In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.wireshark.org/security/wnpa-sec-2017-17.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453
- 97634
- GLSA-201706-12
- 1038262
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6032b0fe5fc1176ab77e03e20765f95fbd21b19e
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=da53a90b6895e47e03c5de05edf84bd99d535fd8
Published: April 13, 2017
Modified: Nov. 7, 2023
CVE-2017-7705
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9343
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9344
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.wireshark.org/security/wnpa-sec-2017-29.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1539
- 98796
- 1038612
- [debian-lts-announce] 20190325 [SECURITY] [DLA 1729-1] wireshark security update
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6308ae03d82a29a2e3d75e1c325c8a9f6c44dcdf
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9345
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9346
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9347
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.wireshark.org/security/wnpa-sec-2017-31.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1216
- 98800
- 1038612
- 42124
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=278e52f26e7e1a23f8d2e8ed98693328c992bdce
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9348
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9349
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.wireshark.org/security/wnpa-sec-2017-27.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1329
- 98803
- 1038612
- [debian-lts-announce] 20190325 [SECURITY] [DLA 1729-1] wireshark security update
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cb1b6494c44c9e939d9e2554de6b812de395e3f9
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9350
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9351
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.wireshark.org/security/wnpa-sec-2017-24.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13628
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1183
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1153
- 98808
- 1038612
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a6e033c14da13bd5f72dfe07a347586517639d12
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9352
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9353
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.wireshark.org/security/wnpa-sec-2017-33.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1303
- 98805
- 1038612
- 42123
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=40b2d475c2ad550c1a0f536d5eb30f2a7404c4f0
Published: June 2, 2017
Modified: Nov. 7, 2023
CVE-2017-9354
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links: