FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC.

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

8a835235-ae84-11dc-a5f9-001a4d49522b | wireshark -- multiple vulnerabilities

The Wireshark team reports multiple vulnerabilities:

  • Wireshark could crash when reading an MP3 file.
  • Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet.
  • Stefan Esser discovered a buffer overflow in the SSL dissector.
  • The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms.
  • The Firebird/Interbase dissector could go into an infinite loop or crash.
  • The NCP dissector could cause a crash.
  • The HTTP dissector could crash on some systems while decoding chunked messages.
  • The MEGACO dissector could enter a large loop and consume system resources.
  • The DCP ETSI dissector could enter a large loop and consume system resources.
  • Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser.
  • The PPP dissector could overflow a buffer.
  • The Bluetooth SDP dissector could go into an infinite loop.
  • A malformed RPC Portmap packet could cause a crash.
  • The IPv6 dissector could loop excessively.
  • The USB dissector could loop excessively or crash.
  • The SMB dissector could crash.
  • The RPL dissector could go into an infinite loop.
  • The WiMAX dissector could crash due to unaligned access on some platforms.
  • The CIP dissector could attempt to allocate a huge amount of memory and crash.

Impact

It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.


Discovery 2007-12-19
Entry 2007-12-19
Modified 2007-12-22
wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
>= 0.8.16, < 0.99.7

CVE-2007-6112
CVE-2007-6113
CVE-2007-6114
CVE-2007-6115
CVE-2007-6117
CVE-2007-6118
CVE-2007-6120
CVE-2007-6121
CVE-2007-6438
CVE-2007-6439
CVE-2007-6441
CVE-2007-6450
CVE-2007-6451
http://www.wireshark.org/security/wnpa-sec-2007-03.html

7fadc049-2ba0-11dc-9377-0016179b2dd5 | wireshark -- Multiple problems

Wireshark team reports:

It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.


Discovery 2007-06-29
Entry 2007-07-06
Modified 2010-05-12
wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
>= 0.8.20, < 0.99.6

CVE-2007-3389
CVE-2007-3390
CVE-2007-3391
CVE-2007-3392
CVE-2007-3393
http://secunia.com/advisories/25833/
http://www.wireshark.org/security/wnpa-sec-2007-02.html

a2d4a330-4d54-11de-8811-0030843d3802 | wireshark -- PCNFSD Dissector Denial of Service Vulnerability

Secunia reports:

A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS.

The vulnerability is caused due to an error in the PCNFSD dissector and can be exploited to cause a crash via a specially crafted PCNFSD packet.


Discovery 2009-05-21
Entry 2009-05-30
Modified 2010-05-02
ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
< 1.0.8

CVE-2009-1829
http://secunia.com/advisories/35201/
http://www.wireshark.org/security/wnpa-sec-2009-03.html

defce068-39aa-11de-a493-001b77d09812 | wireshark -- multiple vulnerabilities

Wireshark team reports:

Wireshark 1.0.7 fixes the following vulnerabilities:

  • The PROFINET dissector was vulnerable to a format string overflow. (Bug 3382) Versions affected: 0.99.6 to 1.0.6, CVE-2009-1210.
  • The Check Point High-Availability Protocol (CPHAP) dissector could crash. (Bug 3269) Versions affected: 0.9.6 to 1.0.6; CVE-2009-1268.
  • Wireshark could crash while loading a Tektronix .rf5 file. (Bug 3366) Versions affected: 0.99.6 to 1.0.6, CVE-2009-1269.

Discovery 2009-04-06
Entry 2009-05-09
Modified 2009-05-13
ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
< 1.0.7

34291
34457
CVE-2009-1210
CVE-2009-1268
CVE-2009-1269
http://www.wireshark.org/security/wnpa-sec-2009-02.html
http://secunia.com/advisories/34542

f6f19735-9245-4918-8a60-87948ebb4907 | wireshark -- multiple vulnerabilities

Vendor reports:

On non-Windows systems Wireshark could crash if the HOME environment variable contained sprintf-style string formatting characters. Wireshark could crash while reading a malformed NetScreen snoop file. Wireshark could crash while reading a Tektronix K12 text capture file.


Discovery 2009-02-06
Entry 2009-03-22
Modified 2010-05-02
ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
< 1.0.6

CVE-2009-0599
CVE-2009-0600
CVE-2009-0601
http://www.wireshark.org/security/wnpa-sec-2009-01.html

baece347-c489-11dd-a721-0030843d3802 | wireshark -- SMTP Processing Denial of Service Vulnerability

Secunia reports:

A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS.

The vulnerability is caused due to an error in the SMTP dissector and can be exploited to trigger the execution of an infinite loop via a large SMTP packet.


Discovery 2008-11-24
Entry 2008-12-07
wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
< 1.0.4_1

CVE-2008-5285
http://secunia.com/advisories/32840/
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html