FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  366223
Date:      2014-08-26
Time:      16:36:41Z
Committer: rene

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
b2eaa7c2-e64a-11df-bc65-0022156e8794  Wireshark -- DoS in the BER-based dissectors

Secunia reports:

A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an infinite recursion error in the "dissect_unknown_ber()" function in epan/dissectors/packet-ber.c and can be exploited to cause a stack overflow e.g. via a specially crafted SNMP packet.

The vulnerability is confirmed in version 1.4.0 and reported in version 1.2.11 and prior and version 1.4.0 and prior.


Discovery 2010-09-16
Entry 2010-11-05
wireshark
ge 1.3 lt 1.4.1

ge 1.0 lt 1.2.12

wireshark-lite
ge 1.3 lt 1.4.1

ge 1.0 lt 1.2.12

tshark
ge 1.3 lt 1.4.1

ge 1.0 lt 1.2.12

tshark-lite
ge 1.3 lt 1.4.1

ge 1.0 lt 1.2.12

CVE-2010-3445
http://www.wireshark.org/lists/wireshark-announce/201010/msg00002.html
http://www.wireshark.org/lists/wireshark-announce/201010/msg00001.html
4cdfe875-e8d6-11e1-bea0-002354ed89bc  Wireshark -- Multiple vulnerabilities

Wireshark reports:

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

The PPP dissector could crash.

The NFS dissector could use excessive amounts of CPU.

The DCP ETSI dissector could trigger a zero division.

The MongoDB dissector could go into a large loop.

The XTP dissector could go into an infinite loop.

The ERF dissector could overflow a buffer.

The AFP dissector could go into a large loop.

The RTPS2 dissector could overflow a buffer.

The GSM RLC MAC dissector could overflow a buffer.

The CIP dissector could exhaust system memory.

The STUN dissector could crash.

The EtherCAT Mailbox dissector could abort.

The CTDB dissector could go into a large loop.

The pcap-ng file parser could trigger a zero division.

The Ixia IxVeriWave file parser could overflow a buffer.


Discovery 2012-07-22
Entry 2012-08-18
wireshark
lt 1.8.2

wireshark-lite
lt 1.8.2

tshark
lt 1.8.2

tshark-lite
lt 1.8.2

CVE-2012-4048
CVE-2012-4049
CVE-2012-4285
CVE-2012-4286
CVE-2012-4287
CVE-2012-4288
CVE-2012-4289
CVE-2012-4290
CVE-2012-4291
CVE-2012-4292
CVE-2012-4293
CVE-2012-4294
CVE-2012-4295
CVE-2012-4296
CVE-2012-4297
CVE-2012-4298
http://www.wireshark.org/security/wnpa-sec-2012-11.html
http://www.wireshark.org/security/wnpa-sec-2012-12.html
http://www.wireshark.org/security/wnpa-sec-2012-13.html
http://www.wireshark.org/security/wnpa-sec-2012-14.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-16.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/security/wnpa-sec-2012-24.html
http://www.wireshark.org/security/wnpa-sec-2012-25.html
3ebb2dc8-4609-11e1-9f47-00e0815b8da8  Wireshark -- Multiple vulnerabilities

Wireshark reports:

Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats.

Wireshark could dereference a NULL pointer and crash.

The RLC dissector could overflow a buffer.


Discovery 2010-01-10
Entry 2012-01-23
wireshark
ge 1.4 lt 1.4.11

ge 1.6.0 lt 1.6.5

wireshark-lite
ge 1.4 lt 1.4.11

ge 1.6.0 lt 1.6.5

tshark
ge 1.4 lt 1.4.11

ge 1.6.0 lt 1.6.5

tshark-lite
ge 1.4 lt 1.4.11

ge 1.6.0 lt 1.6.5

CVE-2012-0041
CVE-2012-0066
CVE-2012-0067
CVE-2012-0068
http://www.wireshark.org/security/wnpa-sec-2012-01.html
http://www.wireshark.org/security/wnpa-sec-2012-02.html
http://www.wireshark.org/security/wnpa-sec-2012-03.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391
a7706414-1be7-11e2-9aad-902b343deec9  Wireshark -- Multiple Vulnerabilities

Wireshark reports:

The HSRP dissector could go into an infinite loop.

The PPP dissector could abort.

Martin Wilck discovered an infinite loop in the DRDA dissector.

Laurent Butti discovered a buffer overflow in the LDP dissector.


Discovery 2012-10-02
Entry 2012-10-22
Modified 2013-06-19
wireshark
le 1.8.2_1

wireshark-lite
le 1.8.2_1

tshark
le 1.8.2_1

tshark-lite
le 1.8.2_1

CVE-2012-5237
CVE-2012-5238
CVE-2012-5239
CVE-2012-5240
http://www.wireshark.org/security/wnpa-sec-2012-26.html
http://www.wireshark.org/security/wnpa-sec-2012-27.html
http://www.wireshark.org/security/wnpa-sec-2012-28.html
http://www.wireshark.org/security/wnpa-sec-2012-29.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html