CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6425 – wireshark: CUPS dissector crash (wnpa-sec-2014-15)
https://notcve.org/view.php?id=CVE-2014-6425
20 Sep 2014 — The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. Las funciones (1) get_quoted_string y (2) get_unquoted_string en epan/dissectors/packet-cups.c en el diseccionador CUPS en Wireshark 1.10.x anterior a 1.10.10 y 1.12.x anterior a 1.12.1 permite a atacantes remo... • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6426 – wireshark: HIP dissector infinite loop (wnpa-sec-2014-16)
https://notcve.org/view.php?id=CVE-2014-6426
20 Sep 2014 — The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. La función dissect_hip_tlv en epan/dissectors/packet-hip.c en el diseccionador HIP en Wireshark 1.12.x anterior a 1.12.1 no maneja adecuadamente un árbol nulo, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un ... • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-6427 – wireshark: RTSP dissector crash (wnpa-sec-2014-17)
https://notcve.org/view.php?id=CVE-2014-6427
20 Sep 2014 — Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. Error de superación de límite (off-by-one) en la función is_rtsp_request_or_reply en epan/dissectors/packet-rtsp.c en el diseccionador RTSP en Wireshark 1.10.x an... • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-6428 – wireshark: SES dissector crash (wnpa-sec-2014-18)
https://notcve.org/view.php?id=CVE-2014-6428
20 Sep 2014 — The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_spdu en epan/dissectors/packet-ses.c en el diseccionador SES en Wireshark 1.10.x anterior a 1.10.10 y 1.12.x anterior a 1.12.1 no inicializa adecuadamente ciertos valores ID, lo que permite a atacantes remotos cau... • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-456: Missing Initialization of a Variable •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2014-6429 – wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
https://notcve.org/view.php?id=CVE-2014-6429
20 Sep 2014 — The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. La función SnifferDecompress en wiretap/ngsniffer.c en el analizador de ficheros DOS Sniffer en Wireshark 1.10.x anterior a 1.10.10 y 1.12.x anterior a 1.12.1 no maneja adecuadamente entrada de datos vacía, lo que permite a a... • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2014-6430 – wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
https://notcve.org/view.php?id=CVE-2014-6430
20 Sep 2014 — The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. La función SnifferDecompress en wiretap/ngsniffer.c en el analizador de ficheros DOS Sniffer en Wireshark 1.10.x anterior a 1.10.10 y 1.12.x anterior a 1.12.1 no valida datos de máscara de bits, lo que permite a atacantes remotos causar... • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2014-6431 – wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
https://notcve.org/view.php?id=CVE-2014-6431
20 Sep 2014 — Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. Desbordamiento de buffer en la función SnifferDecompress en wiretap/ngsniffer.c en el analizador de ficheros DOS Sniffer en Wireshark 1.10.x anterior a 1.10.10 y 1.12.x anterio... • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2014-6432 – wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
https://notcve.org/view.php?id=CVE-2014-6432
20 Sep 2014 — The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. La función SnifferDecompress en wiretap/ngsniffer.c en el analizador de ficheros DOS Sniffer en Wireshark 1.10.x anterior a 1.10.10 y 1.12.x anterior a 1.12.1 no previene la sobreescritura de datos durante opera... • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-399: Resource Management Errors •