CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-26575 – Gentoo Linux Security Advisory 202011-08
https://notcve.org/view.php?id=CVE-2020-26575
06 Oct 2020 — In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. En Wireshark versiones hasta 3.2.7, el Facebook Zero Protocol (también se conoce como FBZERO), podría entrar en un bucle infinito. Esto fue abordado en el archivo epan/dissectors/packet-fbzero.c corrigiendo la implementación del avance de compensación Multiple vulnerabilities have been fo... • https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14438
https://notcve.org/view.php?id=CVE-2018-14438
20 Jul 2018 — In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. En Wireshark hasta la versión 2.6.2, la función create_app_running_mutex en wsutil/file_util.c llama a SetSecurityDescriptorDacl para establecer un DACL NULL que permite que los atacantes modifiquen el control de acceso de forma arbitraria. • http://www.securityfocus.com/bid/104876 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2018-6836
https://notcve.org/view.php?id=CVE-2018-6836
08 Feb 2018 — The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. La función netmonrec_comment_destroy en wiretap/netmon.c en Wireshark, hasta la versión 2.4.4, realiza una operación de liberación en una dirección de memoria no inicializada, lo que permite que atacantes remotos provoquen una denegación de s... • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17997
https://notcve.org/view.php?id=CVE-2017-17997
30 Dec 2017 — In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. En Wireshark, en versiones anteriores a la 2.2.12, el disector MRDISC emplea de forma incorrecta un puntero NULL y se cierra inesperadamente. Esto se trató en epan/dissectors/packet-mrdisc.c validando la longitud de una dirección IPv4. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17935
https://notcve.org/view.php?id=CVE-2017-17935
27 Dec 2017 — The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. La función File_read_line en epan/wslua/wslua_file.c en Wireshark hasta la versión 2.2.11 no elimina correctamente caracteres "\n", lo que permite que atacantes remotos provoquen una denegación de servicio (sub... • http://www.securityfocus.com/bid/102311 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6014 – Debian Security Advisory 3811-1
https://notcve.org/view.php?id=CVE-2017-6014
17 Feb 2017 — In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. En Wireshark 2.2.4 y versiones anteriores, un archivo de captura STANAG 4607 manipulado o mal formado causará un bucle infinito y agotamiento de memoria. Si el campo de tamaño ... • http://www.debian.org/security/2017/dsa-3811 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3814 – Gentoo Linux Security Advisory 201510-03
https://notcve.org/view.php?id=CVE-2015-3814
26 May 2015 — The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Las funciones (1) dissect_tfs_request y (2) dissect_tfs_response en epan/dissectors/packet-ieee80211.c en el disector IEEE 802.11 en Wireshark 1.10.x ante... • http://www.debian.org/security/2015/dsa-3277 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3811 – wireshark: WCP dissector crash (wnpa-sec-2015-14)
https://notcve.org/view.php?id=CVE-2015-3811
26 May 2015 — epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. epan/dissectors/packet-wcp.c en el disector WCP en Wireshark 1.10.x anterior a 1.10.14 y 1.12.x anterior a 1.12.5 refiere incorrectamente a bytes previamente procesados, lo que permite a atacantes remotos c... • http://rhn.redhat.com/errata/RHSA-2017-0631.html • CWE-17: DEPRECATED: Code CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3812 – wireshark: X11 memory leak (wnpa-sec-2015-15)
https://notcve.org/view.php?id=CVE-2015-3812
26 May 2015 — Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. Múltiples fugas de memoria en la función x11_init_protocol en epan/dissectors/packet-x11.c en el disector X11 en Wireshark 1.10.x anterior a 1.10.14 y 1.12.x anterior a 1.12.5 permiten a atacantes remotos causar una denegación de servicio (consumo ... • http://rhn.redhat.com/errata/RHSA-2017-0631.html • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2015-2188 – wireshark: The WCP dissector could crash while decompressing data (wnpa-sec-2015-07)
https://notcve.org/view.php?id=CVE-2015-2188
08 Mar 2015 — epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. epan/dissectors/packet-wcp.c en el disector WCP en Wireshark 1.10.x anterior a 1.10.13 y 1.12.x anterior a 1.12.4 no inicializa correctamente una estructura de datos, lo que permite a... • http://advisories.mageia.org/MGASA-2015-0117.html • CWE-19: Data Processing Errors CWE-125: Out-of-bounds Read •