Page 13 of 87 results (0.005 seconds)

CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2015-7830 – Wireshark PCAPNG if_filter Arbitrary Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-7830

The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. La función pcapng_read_if_descr_block en wiretap/pcapng.c en el analizador pcapng en Wireshark 1.12.x en versiones anteriores a 1.12.8 utiliza demasiados niveles de indirección de puntero, lo que permite a atacantes remotos provocar una denegación de servicio (liberación de memoria incorrecta y caída de aplicación) a través de un paquete manipulado que desencadena el copiado del filtro de interfaz. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PCAPNG files. The issue lies in the handling of the if_filter section within next-generation PCAP files. • http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/77101 http://www.securityfocus.com/bid/78723 http://www.securitytracker.com/id/1033953 http://www.wireshark.org/security/wnpa-sec-2015-30.html http://www.zerodayinitiative.com/advisories/ZDI-15-624 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11455 https: • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-6241

https://notcve.org/view.php?id=CVE-2015-6241

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función proto_tree_add_bytes_item en epan/proto.c en la implementación protocol-tree en Wireshark 1.12.x en versiones anteriores a 1.12.7, no finaliza adecuadamente una estructura de datos después de un fallo al localizar un número dentro de una cadena, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un paquete manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2015/dsa-3367 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securitytracker.com/id/1033272 http://www.wireshark.org/security/wnpa-sec-2015-21.html https://bugs.wireshark.org/bugzilla/show_bug.cgi& • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-6242

https://notcve.org/view.php?id=CVE-2015-6242

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. Vulnerabilidad en la función wmem_block_split_free_chunk en epan/wmem/wmem_allocator_block.c en el asignador wmem block en el gestor de memoria en Wireshark 1.12.x en versiones anteriores a 1.12.7, no considera adecuadamente un cierto caso de operaciones de reasignación de memoria múltiple que restablecen un fragmento de memoria a su tamaño original, lo que permite a atacantes remotos causar una denegación de servicio (operación de liberación incorrecta y caída de la aplicación) a través de un paquete manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2015/dsa-3367 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securitytracker.com/id/1033272 http://www.wireshark.org/security/wnpa-sec-2015-22.html https://bugs.wireshark.org/bugzilla/show_bug.cgi& • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-6247

https://notcve.org/view.php?id=CVE-2015-6247

The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Vulnerabilidad en la función dissect_openflow_tablemod_v5 en epan/dissectors/packet-openflow_v5.c en el disector OpenFlow en Wireshark 1.12.x en versiones anteriores a 1.12.7, no valida un cierto valor de desplazamiento, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un paquete manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2015/dsa-3367 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securitytracker.com/id/1033272 http://www.wireshark.org/security/wnpa-sec-2015-27.html https://bugs.wireshark.org/bugzilla/show_bug.cgi& • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2015-6249

https://notcve.org/view.php?id=CVE-2015-6249

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_wccp2r1_address_table_info en epan/dissectors/packet-wccp.c en el disector WCCP en Wireshark 1.12.x en versiones anteriores a 1.12.7, no impide el uso conflictivo de una tabla para las direcciones IPv4 y IPv6, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un paquete manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2015/dsa-3367 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securitytracker.com/id/1033272 http://www.wireshark.org/security/wnpa-sec-2015-29.html https://bugs.wireshark.org/bugzilla/show_bug.cgi& • CWE-20: Improper Input Validation •