CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-2906 – Wireshark CP2179 divide by zero
https://notcve.org/view.php?id=CVE-2023-2906
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. Debido a un error al validar la longitud proporcionada por un paquete CP2179 creado por un atacante, las versiones de Wireshark 2.0.0 a 4.0.7 son susceptibles a una división por cero, lo que permite un ataque de denegación de servicio. • https://gitlab.com/wireshark/wireshark/-/issues/19229 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ https://takeonme.org/cves/CVE-2023-2906.html • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-26575
https://notcve.org/view.php?id=CVE-2020-26575
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. En Wireshark versiones hasta 3.2.7, el Facebook Zero Protocol (también se conoce como FBZERO), podría entrar en un bucle infinito. Esto fue abordado en el archivo epan/dissectors/packet-fbzero.c corrigiendo la implementación del avance de compensación • https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab https://gitlab.com/wireshark/wireshark/-/issues/16887 https://gitlab.com/wireshark/wireshark/-/merge_requests/467 https://gitlab.com/wireshark/wireshark/-/merge_requests/471 https://gitlab.com/wireshark/wireshark/-/merge_requests/472 https://gitlab.com/wireshark/wireshark/-/merge_requests/473 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2019-13619
https://notcve.org/view.php?id=CVE-2019-13619
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. En Wireshark versiones 3.0.0 hasta 3.0.2, versiones 2.6.0 hasta 2.6.9 y versiones 2.4.0 hasta 2.4.15, el disector ASN.1 BER y los disectores relacionados podrían bloquearse. Esto se abordó en el archivo epan/asn1.c mediante la restricción apropiada de los incrementos del búfer. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/109293 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7e90aed666e809c0db5de9d1816802a7dcea28d9 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 84EXPL: 0CVE-2019-12295
https://notcve.org/view.php?id=CVE-2019-12295
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. En Wireshark versión 3.0.0 a 3.0.1, versión 2.6.0 a 2.6.8 y versión 2.4.0 a 2.4.14, el motor de disección podría fallar. Esto fue direccionado en epan/packet.c por la restricción del número de capas y por consiguiente limitando la recursión. • http://www.securityfocus.com/bid/108464 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7b6e197da4c497e229ed3ebf6952bae5c426a820 https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html https://support.f5.com/csp/article/K06725231 https://support.f5.com/csp/article/K06725231?utm_source=f5support&%3Butm_medium=RSS https://usn.ubuntu.com/4133-1 https://www.wireshark.org/security/wnpa-sec-2019-19.html • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2019-10903
https://notcve.org/view.php?id=CVE-2019-10903
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7, y 3.0.0, el disector DCERPC SPOOLSS podría cerrarse inesperadamente. Esto fue tratado en epan/disectores/packet-dcerpc-spoolss.c añadiendo una comprobación de límites. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=eafdcfa4b6d5187a5326442a82608ab03d9dddcb https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-125: Out-of-bounds Read •