FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318524
Date:      2013-05-19
Time:      14:06:36Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
4cdfe875-e8d6-11e1-bea0-002354ed89bc	Wireshark -- Multiple vulnerabilities Wireshark reports: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. The PPP dissector could crash. The NFS dissector could use excessive amounts of CPU. The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The ERF dissector could overflow a buffer. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The GSM RLC MAC dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. The pcap-ng file parser could trigger a zero division. The Ixia IxVeriWave file parser could overflow a buffer. Discovery 2012-07-22 Entry 2012-08-18 wireshark lt 1.8.2 wireshark-lite lt 1.8.2 tshark lt 1.8.2 tshark-lite lt 1.8.2 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 http://www.wireshark.org/security/wnpa-sec-2012-11.html http://www.wireshark.org/security/wnpa-sec-2012-12.html http://www.wireshark.org/security/wnpa-sec-2012-13.html http://www.wireshark.org/security/wnpa-sec-2012-14.html http://www.wireshark.org/security/wnpa-sec-2012-15.html http://www.wireshark.org/security/wnpa-sec-2012-16.html http://www.wireshark.org/security/wnpa-sec-2012-17.html http://www.wireshark.org/security/wnpa-sec-2012-18.html http://www.wireshark.org/security/wnpa-sec-2012-19.html http://www.wireshark.org/security/wnpa-sec-2012-20.html http://www.wireshark.org/security/wnpa-sec-2012-21.html http://www.wireshark.org/security/wnpa-sec-2012-22.html http://www.wireshark.org/security/wnpa-sec-2012-23.html http://www.wireshark.org/security/wnpa-sec-2012-24.html http://www.wireshark.org/security/wnpa-sec-2012-25.html
b2eaa7c2-e64a-11df-bc65-0022156e8794	Wireshark -- DoS in the BER-based dissectors Secunia reports: A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an infinite recursion error in the "dissect_unknown_ber()" function in epan/dissectors/packet-ber.c and can be exploited to cause a stack overflow e.g. via a specially crafted SNMP packet. The vulnerability is confirmed in version 1.4.0 and reported in version 1.2.11 and prior and version 1.4.0 and prior. Discovery 2010-09-16 Entry 2010-11-05 wireshark ge 1.3 lt 1.4.1 ge 1.0 lt 1.2.12 wireshark-lite ge 1.3 lt 1.4.1 ge 1.0 lt 1.2.12 tshark ge 1.3 lt 1.4.1 ge 1.0 lt 1.2.12 tshark-lite ge 1.3 lt 1.4.1 ge 1.0 lt 1.2.12 CVE-2010-3445 http://www.wireshark.org/lists/wireshark-announce/201010/msg00002.html http://www.wireshark.org/lists/wireshark-announce/201010/msg00001.html
3ebb2dc8-4609-11e1-9f47-00e0815b8da8	Wireshark -- Multiple vulnerabilities Wireshark reports: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats Wireshark could dereference a NULL pointer and crash. The RLC dissector could overflow a buffer. Discovery 2010-01-10 Entry 2012-01-23 wireshark ge 1.4 lt 1.4.11 ge 1.6.0 lt 1.6.5 wireshark-lite ge 1.4 lt 1.4.11 ge 1.6.0 lt 1.6.5 tshark ge 1.4 lt 1.4.11 ge 1.6.0 lt 1.6.5 tshark-lite ge 1.4 lt 1.4.11 ge 1.6.0 lt 1.6.5 CVE-2012-0041 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068 http://www.wireshark.org/security/wnpa-sec-2012-01.html http://www.wireshark.org/security/wnpa-sec-2012-02.html http://www.wireshark.org/security/wnpa-sec-2012-03.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391
3ebb2dc8-4609-11e1-9f47-00e0815b8da8	Wireshark -- Multiple vulnerabilities Wireshark reports: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats Wireshark could dereference a NULL pointer and crash. The RLC dissector could overflow a buffer. Discovery 2010-01-10 Entry 2012-01-23 wireshark ge 1.4 lt 1.4.11 ge 1.6.0 lt 1.6.5 wireshark-lite ge 1.4 lt 1.4.11 ge 1.6.0 lt 1.6.5 tshark ge 1.4 lt 1.4.11 ge 1.6.0 lt 1.6.5 tshark-lite ge 1.4 lt 1.4.11 ge 1.6.0 lt 1.6.5 CVE-2012-0041 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068 http://www.wireshark.org/security/wnpa-sec-2012-01.html http://www.wireshark.org/security/wnpa-sec-2012-02.html http://www.wireshark.org/security/wnpa-sec-2012-03.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391
b2eaa7c2-e64a-11df-bc65-0022156e8794	Wireshark -- DoS in the BER-based dissectors Secunia reports: A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an infinite recursion error in the "dissect_unknown_ber()" function in epan/dissectors/packet-ber.c and can be exploited to cause a stack overflow e.g. via a specially crafted SNMP packet. The vulnerability is confirmed in version 1.4.0 and reported in version 1.2.11 and prior and version 1.4.0 and prior. Discovery 2010-09-16 Entry 2010-11-05 wireshark ge 1.3 lt 1.4.1 ge 1.0 lt 1.2.12 wireshark-lite ge 1.3 lt 1.4.1 ge 1.0 lt 1.2.12 tshark ge 1.3 lt 1.4.1 ge 1.0 lt 1.2.12 tshark-lite ge 1.3 lt 1.4.1 ge 1.0 lt 1.2.12 CVE-2010-3445 http://www.wireshark.org/lists/wireshark-announce/201010/msg00002.html http://www.wireshark.org/lists/wireshark-announce/201010/msg00001.html
a7706414-1be7-11e2-9aad-902b343deec9	Wireshark -- Multiple Vulnerabilities Wireshark reports: The HSRP dissector could go into an infinite loop. The PPP dissector could abort. Martin Wilck discovered an infinite loop in the DRDA dissector. Laurent Butti discovered a buffer overflow in the LDP dissector. Discovery 2012-10-02 Entry 2012-08-31 wireshark le 1.8.2_1 wireshark-lite le 1.8.2_1 tshark le 1.8.2_1 tshark-lite le 1.8.2_1 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 http://www.wireshark.org/security/wnpa-sec-2012-26.html http://www.wireshark.org/security/wnpa-sec-2012-27.html http://www.wireshark.org/security/wnpa-sec-2012-28.html http://www.wireshark.org/security/wnpa-sec-2012-29.html http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html