VuXML ID | Description |
a7706414-1be7-11e2-9aad-902b343deec9 | Wireshark -- Multiple Vulnerabilities
Wireshark reports:
The HSRP dissector could go into an infinite loop.
The PPP dissector could abort.
Martin Wilck discovered an infinite loop in the DRDA
dissector.
Laurent Butti discovered a buffer overflow in the LDP
dissector.
Discovery 2012-10-02 Entry 2012-10-22 Modified 2013-06-19
wireshark
<= 1.8.2_1
wireshark-lite
<= 1.8.2_1
tshark
<= 1.8.2_1
tshark-lite
<= 1.8.2_1
CVE-2012-5237
CVE-2012-5238
CVE-2012-5239
CVE-2012-5240
http://www.wireshark.org/security/wnpa-sec-2012-26.html
http://www.wireshark.org/security/wnpa-sec-2012-27.html
http://www.wireshark.org/security/wnpa-sec-2012-28.html
http://www.wireshark.org/security/wnpa-sec-2012-29.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html
|
baece347-c489-11dd-a721-0030843d3802 | wireshark -- SMTP Processing Denial of Service Vulnerability
Secunia reports:
A vulnerability has been reported in Wireshark, which can be
exploited by malicious people to cause a DoS.
The vulnerability is caused due to an error in the SMTP dissector
and can be exploited to trigger the execution of an infinite loop via
a large SMTP packet.
Discovery 2008-11-24 Entry 2008-12-07
wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
< 1.0.4_1
CVE-2008-5285
http://secunia.com/advisories/32840/
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html
|
a13500d0-0570-11e5-aab1-d050996490d0 | wireshark -- multiple vulnerabilities
Wireshark development team reports:
The following vulnerabilities have been fixed.
wnpa-sec-2015-12
The LBMR dissector could go into an infinite loop.
(Bug 11036) CVE-2015-3808, CVE-2015-3809
wnpa-sec-2015-13
The WebSocket dissector could recurse excessively.
(Bug 10989) CVE-2015-3810
wnpa-sec-2015-14
The WCP dissector could crash while decompressing data.
(Bug 10978) CVE-2015-3811
wnpa-sec-2015-15
The X11 dissector could leak memory. (Bug 11088)
CVE-2015-3812
wnpa-sec-2015-16
The packet reassembly code could leak memory.
(Bug 11129) CVE-2015-3813
wnpa-sec-2015-17
The IEEE 802.11 dissector could go into an infinite loop.
(Bug 11110) CVE-2015-3814
wnpa-sec-2015-18
The Android Logcat file parser could crash. Discovered by
Hanno Böck. (Bug 11188) CVE-2015-3815
Discovery 2015-05-12 Entry 2015-05-28
wireshark
wireshark-lite
tshark
tshark-lite
< 1.12.5
CVE-2015-3808
CVE-2015-3809
CVE-2015-3810
CVE-2015-3811
CVE-2015-3812
CVE-2015-3813
CVE-2015-3814
CVE-2015-3815
https://www.wireshark.org/docs/relnotes/wireshark-1.12.5.html
https://www.wireshark.org/security/wnpa-sec-2015-12.html
https://www.wireshark.org/security/wnpa-sec-2015-13.html
https://www.wireshark.org/security/wnpa-sec-2015-14.html
https://www.wireshark.org/security/wnpa-sec-2015-15.html
https://www.wireshark.org/security/wnpa-sec-2015-16.html
https://www.wireshark.org/security/wnpa-sec-2015-17.html
https://www.wireshark.org/security/wnpa-sec-2015-18.html
|
4cdfe875-e8d6-11e1-bea0-002354ed89bc | Wireshark -- Multiple vulnerabilities
Wireshark reports:
It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.
It may be possible to make Wireshark consume excessive CPU
resources by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.
The PPP dissector could crash.
The NFS dissector could use excessive amounts of CPU.
The DCP ETSI dissector could trigger a zero division.
The MongoDB dissector could go into a large loop.
The XTP dissector could go into an infinite loop.
The ERF dissector could overflow a buffer.
The AFP dissector could go into a large loop.
The RTPS2 dissector could overflow a buffer.
The GSM RLC MAC dissector could overflow a buffer.
The CIP dissector could exhaust system memory.
The STUN dissector could crash.
The EtherCAT Mailbox dissector could abort.
The CTDB dissector could go into a large loop.
The pcap-ng file parser could trigger a zero division.
The Ixia IxVeriWave file parser could overflow a buffer.
Discovery 2012-07-22 Entry 2012-08-18
wireshark
< 1.8.2
wireshark-lite
< 1.8.2
tshark
< 1.8.2
tshark-lite
< 1.8.2
CVE-2012-4048
CVE-2012-4049
CVE-2012-4285
CVE-2012-4286
CVE-2012-4287
CVE-2012-4288
CVE-2012-4289
CVE-2012-4290
CVE-2012-4291
CVE-2012-4292
CVE-2012-4293
CVE-2012-4294
CVE-2012-4295
CVE-2012-4296
CVE-2012-4297
CVE-2012-4298
http://www.wireshark.org/security/wnpa-sec-2012-11.html
http://www.wireshark.org/security/wnpa-sec-2012-12.html
http://www.wireshark.org/security/wnpa-sec-2012-13.html
http://www.wireshark.org/security/wnpa-sec-2012-14.html
http://www.wireshark.org/security/wnpa-sec-2012-15.html
http://www.wireshark.org/security/wnpa-sec-2012-16.html
http://www.wireshark.org/security/wnpa-sec-2012-17.html
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://www.wireshark.org/security/wnpa-sec-2012-19.html
http://www.wireshark.org/security/wnpa-sec-2012-20.html
http://www.wireshark.org/security/wnpa-sec-2012-21.html
http://www.wireshark.org/security/wnpa-sec-2012-22.html
http://www.wireshark.org/security/wnpa-sec-2012-23.html
http://www.wireshark.org/security/wnpa-sec-2012-24.html
http://www.wireshark.org/security/wnpa-sec-2012-25.html
|
610101ea-5b6a-11e6-b334-002590263bf5 | wireshark -- multiple vulnerabilities
Wireshark development team reports:
The following vulnerabilities have been fixed:
wnpa-sec-2016-41
PacketBB crash. (Bug 12577)
wnpa-sec-2016-42
WSP infinite loop. (Bug 12594)
wnpa-sec-2016-44
RLC long loop. (Bug 12660)
wnpa-sec-2016-45
LDSS dissector crash. (Bug 12662)
wnpa-sec-2016-46
RLC dissector crash. (Bug 12664)
wnpa-sec-2016-47
OpenFlow long loop. (Bug 12659)
wnpa-sec-2016-48
MMSE, WAP, WBXML, and WSP infinite loop. (Bug 12661)
wnpa-sec-2016-49
WBXML crash. (Bug 12663)
Discovery 2016-07-27 Entry 2016-08-06
wireshark
wireshark-lite
wireshark-qt5
tshark
tshark-lite
< 2.0.5
CVE-2016-6505
CVE-2016-6506
CVE-2016-6508
CVE-2016-6509
CVE-2016-6510
CVE-2016-6511
CVE-2016-6512
CVE-2016-6513
https://www.wireshark.org/docs/relnotes/wireshark-2.0.5.html
http://www.openwall.com/lists/oss-security/2016/08/01/4
|
24e4d383-7b3e-11e5-a250-68b599b52a02 | wireshark -- Pcapng file parser crash
Wireshark development team reports:
The following vulnerability has been fixed.
Discovery 2015-10-14 Entry 2015-10-25
wireshark
wireshark-lite
wireshark-qt5
tshark
tshark-lite
< 1.12.8
https://www.wireshark.org/docs/relnotes/wireshark-1.12.8.html
CVE-2015-7830
|
defce068-39aa-11de-a493-001b77d09812 | wireshark -- multiple vulnerabilities
Wireshark team reports:
Wireshark 1.0.7 fixes the following vulnerabilities:
- The PROFINET dissector was vulnerable to a format
string overflow. (Bug 3382) Versions affected: 0.99.6 to
1.0.6, CVE-2009-1210.
- The Check Point High-Availability Protocol (CPHAP)
dissector could crash. (Bug 3269) Versions affected: 0.9.6
to 1.0.6; CVE-2009-1268.
- Wireshark could crash while loading a Tektronix .rf5
file. (Bug 3366) Versions affected: 0.99.6 to 1.0.6,
CVE-2009-1269.
Discovery 2009-04-06 Entry 2009-05-09 Modified 2009-05-13
ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
< 1.0.7
34291
34457
CVE-2009-1210
CVE-2009-1268
CVE-2009-1269
http://www.wireshark.org/security/wnpa-sec-2009-02.html
http://secunia.com/advisories/34542
|
8a835235-ae84-11dc-a5f9-001a4d49522b | wireshark -- multiple vulnerabilities
The Wireshark team reports multiple vulnerabilities:
- Wireshark could crash when reading an MP3 file.
- Beyond Security discovered that Wireshark could loop
excessively while reading a malformed DNP packet.
- Stefan Esser discovered a buffer overflow in the SSL
dissector.
- The ANSI MAP dissector could be susceptible to a
buffer overflow on some platforms.
- The Firebird/Interbase dissector could go into an
infinite loop or crash.
- The NCP dissector could cause a crash.
- The HTTP dissector could crash on some systems while
decoding chunked messages.
- The MEGACO dissector could enter a large loop and
consume system resources.
- The DCP ETSI dissector could enter a large loop and
consume system resources.
- Fabiodds discovered a buffer overflow in the iSeries
(OS/400) Communication trace file parser.
- The PPP dissector could overflow a buffer.
- The Bluetooth SDP dissector could go into an infinite
loop.
- A malformed RPC Portmap packet could cause a
crash.
- The IPv6 dissector could loop excessively.
- The USB dissector could loop excessively or crash.
- The SMB dissector could crash.
- The RPL dissector could go into an infinite loop.
- The WiMAX dissector could crash due to unaligned
access on some platforms.
- The CIP dissector could attempt to allocate a huge
amount of memory and crash.
Impact
It may be possible to make Wireshark or Ethereal crash or
use up available memory by injecting a purposefully
malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.
Discovery 2007-12-19 Entry 2007-12-19 Modified 2007-12-22
wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
>= 0.8.16, < 0.99.7
CVE-2007-6112
CVE-2007-6113
CVE-2007-6114
CVE-2007-6115
CVE-2007-6117
CVE-2007-6118
CVE-2007-6120
CVE-2007-6121
CVE-2007-6438
CVE-2007-6439
CVE-2007-6441
CVE-2007-6450
CVE-2007-6451
http://www.wireshark.org/security/wnpa-sec-2007-03.html
|
7fff2b16-b0ee-11e6-86b8-589cfc054129 | wireshark -- multiple vulnerabilities
Wireshark project reports:
Wireshark project is releasing Wireshark 2.2.2, which addresses:
- wnpa-sec-2016-58: Profinet I/O long loop - CVE-2016-9372
- wnpa-sec-2016-59: AllJoyn crash - CVE-2016-9374
- wnpa-sec-2016-60: OpenFlow crash - CVE-2016-9376
- wnpa-sec-2016-61: DCERPC crash - CVE-2016-9373
- wnpa-sec-2016-62: DTN infinite loop - CVE-2016-9375
Discovery 2016-11-16 Entry 2016-12-01
tshark
< 2.2.2
tshark-lite
< 2.2.2
wireshark
< 2.2.2
wireshark-lite
< 2.2.2
wireshark-qt5
< 2.2.2
https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
CVE-2016-9372
CVE-2016-9373
CVE-2016-9374
CVE-2016-9375
CVE-2016-9376
|
45117749-df55-11e5-b2bd-002590263bf5 | wireshark -- multiple vulnerabilities
Wireshark development team reports:
The following vulnerabilities have been fixed:
wnpa-sec-2016-02
ASN.1 BER dissector crash. (Bug 11828) CVE-2016-2522
wnpa-sec-2016-03
DNP dissector infinite loop. (Bug 11938) CVE-2016-2523
wnpa-sec-2016-04
X.509AF dissector crash. (Bug 12002) CVE-2016-2524
wnpa-sec-2016-05
HTTP/2 dissector crash. (Bug 12077) CVE-2016-2525
wnpa-sec-2016-06
HiQnet dissector crash. (Bug 11983) CVE-2016-2526
wnpa-sec-2016-07
3GPP TS 32.423 Trace file parser crash. (Bug 11982)
CVE-2016-2527
wnpa-sec-2016-08
LBMC dissector crash. (Bug 11984) CVE-2016-2528
wnpa-sec-2016-09
iSeries file parser crash. (Bug 11985) CVE-2016-2529
wnpa-sec-2016-10
RSL dissector crash. (Bug 11829) CVE-2016-2530
CVE-2016-2531
wnpa-sec-2016-11
LLRP dissector crash. (Bug 12048) CVE-2016-2532
wnpa-sec-2016-12
Ixia IxVeriWave file parser crash. (Bug 11795)
wnpa-sec-2016-13
IEEE 802.11 dissector crash. (Bug 11818)
wnpa-sec-2016-14
GSM A-bis OML dissector crash. (Bug 11825)
wnpa-sec-2016-15
ASN.1 BER dissector crash. (Bug 12106)
wnpa-sec-2016-16
SPICE dissector large loop. (Bug 12151)
wnpa-sec-2016-17
NFS dissector crash.
wnpa-sec-2016-18
ASN.1 BER dissector crash. (Bug 11822)
Discovery 2016-02-26 Entry 2016-03-01 Modified 2016-07-04
wireshark
wireshark-lite
wireshark-qt5
tshark
tshark-lite
< 2.0.2
CVE-2016-2522
CVE-2016-2523
CVE-2016-2524
CVE-2016-2525
CVE-2016-2526
CVE-2016-2527
CVE-2016-2528
CVE-2016-2529
CVE-2016-2530
CVE-2016-2531
CVE-2016-2532
CVE-2016-4415
CVE-2016-4416
CVE-2016-4417
CVE-2016-4418
CVE-2016-4419
CVE-2016-4420
CVE-2016-4421
https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html
http://www.openwall.com/lists/oss-security/2016/05/01/1
|
a2d4a330-4d54-11de-8811-0030843d3802 | wireshark -- PCNFSD Dissector Denial of Service Vulnerability
Secunia reports:
A vulnerability has been reported in Wireshark, which can be
exploited by malicious people to cause a DoS.
The vulnerability is caused due to an error in the PCNFSD dissector
and can be exploited to cause a crash via a specially crafted PCNFSD
packet.
Discovery 2009-05-21 Entry 2009-05-30 Modified 2010-05-02
ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
< 1.0.8
CVE-2009-1829
http://secunia.com/advisories/35201/
http://www.wireshark.org/security/wnpa-sec-2009-03.html
|
9bdd8eb5-564a-11e5-9ad8-14dae9d210b8 | wireshark -- multiple vulnerabilities
Wireshark development team reports:
The following vulnerabilities have been fixed.
wnpa-sec-2015-21
Protocol tree crash. (Bug 11309)
wnpa-sec-2015-22
Memory manager crash. (Bug 11373)
wnpa-sec-2015-23
Dissector table crash. (Bug 11381)
wnpa-sec-2015-24
ZigBee crash. (Bug 11389)
wnpa-sec-2015-25
GSM RLC/MAC infinite loop. (Bug 11358)
wnpa-sec-2015-26
WaveAgent crash. (Bug 11358)
wnpa-sec-2015-27
OpenFlow infinite loop. (Bug 11358)
wnpa-sec-2015-28
Ptvcursor crash. (Bug 11358)
wnpa-sec-2015-29
WCCP crash. (Bug 11358)
Discovery 2015-08-12 Entry 2015-09-08 Modified 2015-09-08
wireshark
wireshark-lite
wireshark-qt5
tshark
tshark-lite
< 1.12.7
https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html
CVE-2015-6241
CVE-2015-6242
CVE-2015-6243
CVE-2015-6244
CVE-2015-6245
CVE-2015-6246
CVE-2015-6247
CVE-2015-6248
CVE-2015-6249
|
313e9557-41e8-11e6-ab34-002590263bf5 | wireshark -- multiple vulnerabilities
Wireshark development team reports:
The following vulnerabilities have been fixed:
wnpa-sec-2016-29
The SPOOLS dissector could go into an infinite loop. Discovered
by the CESG.
wnpa-sec-2016-30
The IEEE 802.11 dissector could crash. (Bug 11585)
wnpa-sec-2016-31
The IEEE 802.11 dissector could crash. Discovered by Mateusz
Jurczyk. (Bug 12175)
wnpa-sec-2016-32
The UMTS FP dissector could crash. (Bug 12191)
wnpa-sec-2016-33
Some USB dissectors could crash. Discovered by Mateusz
Jurczyk. (Bug 12356)
wnpa-sec-2016-34
The Toshiba file parser could crash. Discovered by iDefense
Labs. (Bug 12394)
wnpa-sec-2016-35
The CoSine file parser could crash. Discovered by iDefense
Labs. (Bug 12395)
wnpa-sec-2016-36
The NetScreen file parser could crash. Discovered by iDefense
Labs. (Bug 12396)
wnpa-sec-2016-37
The Ethernet dissector could crash. (Bug 12440)
Discovery 2016-06-07 Entry 2016-07-04
wireshark
wireshark-lite
wireshark-qt5
tshark
tshark-lite
< 2.0.4
CVE-2016-5350
CVE-2016-5351
CVE-2016-5352
CVE-2016-5353
CVE-2016-5354
CVE-2016-5355
CVE-2016-5356
CVE-2016-5357
CVE-2016-5358
https://www.wireshark.org/docs/relnotes/wireshark-2.0.4.html
http://www.openwall.com/lists/oss-security/2016/06/09/4
|
7e36c369-10c0-11e6-94fa-002590263bf5 | wireshark -- multiple vulnerabilities
Wireshark development team reports:
The following vulnerabilities have been fixed:
wnpa-sec-2016-19
The NCP dissector could crash. (Bug 11591)
wnpa-sec-2016-20
TShark could crash due to a packet reassembly bug. (Bug 11799)
wnpa-sec-2016-21
The IEEE 802.11 dissector could crash. (Bug 11824, Bug 12187)
wnpa-sec-2016-22
The PKTC dissector could crash. (Bug 12206)
wnpa-sec-2016-23
The PKTC dissector could crash. (Bug 12242)
wnpa-sec-2016-24
The IAX2 dissector could go into an infinite loop. (Bug
12260)
wnpa-sec-2016-25
Wireshark and TShark could exhaust the stack. (Bug 12268)
wnpa-sec-2016-26
The GSM CBCH dissector could crash. (Bug 12278)
wnpa-sec-2016-27
MS-WSP dissector crash. (Bug 12341)
Discovery 2016-04-22 Entry 2016-05-02 Modified 2016-07-04
wireshark
wireshark-lite
wireshark-qt5
tshark
tshark-lite
< 2.0.3
CVE-2016-4076
CVE-2016-4077
CVE-2016-4078
CVE-2016-4079
CVE-2016-4080
CVE-2016-4081
CVE-2016-4006
CVE-2016-4082
CVE-2016-4083
CVE-2016-4084
https://www.wireshark.org/docs/relnotes/wireshark-2.0.3.html
http://www.openwall.com/lists/oss-security/2016/04/25/2
|
f6f19735-9245-4918-8a60-87948ebb4907 | wireshark -- multiple vulnerabilities
Vendor reports:
On non-Windows systems Wireshark could crash if the HOME
environment variable contained sprintf-style string formatting
characters.
Wireshark could crash while reading a malformed NetScreen snoop file.
Wireshark could crash while reading a Tektronix K12 text capture file.
Discovery 2009-02-06 Entry 2009-03-22 Modified 2010-05-02
ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
< 1.0.6
CVE-2009-0599
CVE-2009-0600
CVE-2009-0601
http://www.wireshark.org/security/wnpa-sec-2009-01.html
|
42c2c422-df55-11e5-b2bd-002590263bf5 | wireshark -- multiple vulnerabilities
Wireshark development team reports:
The following vulnerabilities have been fixed:
wnpa-sec-2015-31
NBAP dissector crashes. (Bug 11602, Bug 11835, Bug 11841)
wnpa-sec-2015-37
NLM dissector crash.
wnpa-sec-2015-39
BER dissector crash.
wnpa-sec-2015-40
Zlib decompression crash. (Bug 11548)
wnpa-sec-2015-41
SCTP dissector crash. (Bug 11767)
wnpa-sec-2015-42
802.11 decryption crash. (Bug 11790, Bug 11826)
wnpa-sec-2015-43
DIAMETER dissector crash. (Bug 11792)
wnpa-sec-2015-44
VeriWave file parser crashes. (Bug 11789, Bug 11791)
wnpa-sec-2015-45
RSVP dissector crash. (Bug 11793)
wnpa-sec-2015-46
ANSI A and GSM A dissector crashes. (Bug 11797)
wnpa-sec-2015-47
Ascend file parser crash. (Bug 11794)
wnpa-sec-2015-48
NBAP dissector crash. (Bug 11815)
wnpa-sec-2015-49
RSL dissector crash. (Bug 11829)
wnpa-sec-2015-50
ZigBee ZCL dissector crash. (Bug 11830)
wnpa-sec-2015-51
Sniffer file parser crash. (Bug 11827)
wnpa-sec-2015-52
NWP dissector crash. (Bug 11726)
wnpa-sec-2015-53
BT ATT dissector crash. (Bug 11817)
wnpa-sec-2015-54
MP2T file parser crash. (Bug 11820)
wnpa-sec-2015-55
MP2T file parser crash. (Bug 11821)
wnpa-sec-2015-56
S7COMM dissector crash. (Bug 11823)
wnpa-sec-2015-57
IPMI dissector crash. (Bug 11831)
wnpa-sec-2015-58
TDS dissector crash. (Bug 11846)
wnpa-sec-2015-59
PPI dissector crash. (Bug 11876)
wnpa-sec-2015-60
MS-WSP dissector crash. (Bug 11931)
Discovery 2015-12-29 Entry 2016-03-01
wireshark
wireshark-lite
wireshark-qt5
tshark
tshark-lite
< 2.0.1
https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html
|
bb0a8795-15dc-11df-bf0a-002170daae37 | wireshark -- LWRES vulnerability
Wireshark project reports:
Babi discovered several buffer overflows in the
LWRES dissector.
It may be possible to make Wireshark crash remotely
or by convincing someone to read a malformed packet
trace file.
Discovery 2010-01-27 Entry 2010-02-10
wireshark
wireshark-lite
< 1.2.6
CVE-2010-0304
http://secunia.com/advisories/38257/
http://www.wireshark.org/security/wnpa-sec-2010-02.html
|