CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6439 – wireshark IPv6 and USB dissector crash
https://notcve.org/view.php?id=CVE-2007-6439
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119. Wireshark (anteriormente Ethereal) versión 0.99.6, permite a los atacantes remotos causar una denegación de servicio (bucle infinito o largo) por medio del disector de (1) IPv6 o (2) USB, que puede desencadenar el consumo de recursos o un bloqueo. NOTA: este identificador originalmente incluía Firebird/Interbase, pero ya está cubierto por CVE-2007-6116. • http://bugs.gentoo.org/show_bug.cgi?id=199958 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://secunia.com/advisories/27777 http://secunia.com/advisories/28288 http://secunia.com/advisories/28304 http://secunia.com/advisories/28325 http://secunia.com/advisories/28564 http://secunia.com/advisories/29048 http://security.gentoo.org/glsa/glsa-200712-23.xml http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004 http://www.mandriva.com/security/ad • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6438 – wireshark SMB dissector crash
https://notcve.org/view.php?id=CVE-2007-6438
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. Una vulnerabilidad no especificada en el disector del SMB en Wireshark (anteriormente Ethereal) versión 0.99.6, permite a los atacantes remotos causar una denegación de servicio por medio de vectores de ataque desconocidos. NOTA: este identificador originalmente incluía MP3 y NCP, pero esos problemas ya están cubiertos por CVE-2007-6111. • http://bugs.gentoo.org/show_bug.cgi?id=199958 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://secunia.com/advisories/27777 http://secunia.com/advisories/28288 http://secunia.com/advisories/28304 http://secunia.com/advisories/28325 http://secunia.com/advisories/28564 http://secunia.com/advisories/29048 http://security.gentoo.org/glsa/glsa-200712-23.xml http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004 http://www.mandriva.com/security/ad • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 8%CPEs: 32EXPL: 1CVE-2007-6113 – Wireshark < 0.99.5 - DNP3 Dissector Infinite Loop
https://notcve.org/view.php?id=CVE-2007-6113
Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. Un error en la propiedad signedness de enteros en el disector de DNP3 en Wireshark (anteriormente Ethereal) versiones 0.10.12 hasta 0.99.6, permite a atacantes remotos causar una denegación de servicio (bucle largo) por medio de un paquete DNP3 malformado. • https://www.exploit-db.com/exploits/4347 http://bugs.gentoo.org/show_bug.cgi?id=199958 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://secunia.com/advisories/27777 http://secunia.com/advisories/28197 http://secunia.com/advisories/28207 http://secunia.com/advisories/28288 http://secunia.com/advisories/28304 http://secunia.com/advisories/28325 http://secunia.com/advisories/28564 http://secunia.com/advisories/28583 http://secunia.com/advisori • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 69EXPL: 0CVE-2007-6111 – wireshark mp3 and ncp flaws
https://notcve.org/view.php?id=CVE-2007-6111
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. Múltiples vulnerabilidades no especificadas en Wireshark (formalmente Ethereal) que permiten que atacantes remotos provoquen una denegación de servicio (por caída) usando: (1) un fichero MP3 manipulado, o (2) vectores no especificados en el NCP dissector. • http://bugs.gentoo.org/show_bug.cgi?id=199958 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://secunia.com/advisories/27777 http://secunia.com/advisories/28197 http://secunia.com/advisories/28207 http://secunia.com/advisories/28288 http://secunia.com/advisories/28304 http://secunia.com/advisories/28325 http://secunia.com/advisories/28564 http://secunia.com/advisories/29048 http://security.gentoo.org/glsa/glsa-200712-23.xml http://securitytra •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2007-6112 – wireshark ppp flaws
https://notcve.org/view.php?id=CVE-2007-6112
Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. Desbordamiento de buffer en el PPP dissector Wireshark (formalmente Ethereal) que permite que atacantes remotos provoquen una denegación de servicio (por caída), y que posiblmente ejecuten código de su elección a través de vectores desconocidos. • http://bugs.gentoo.org/show_bug.cgi?id=199958 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://secunia.com/advisories/27777 http://secunia.com/advisories/28197 http://secunia.com/advisories/28207 http://secunia.com/advisories/28288 http://secunia.com/advisories/28304 http://secunia.com/advisories/28325 http://secunia.com/advisories/28564 http://secunia.com/advisories/29048 http://security.gentoo.org/glsa/glsa-200712-23.xml http://securitytra • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •