CVE-2019-10901
https://notcve.org/view.php?id=CVE-2019-10901
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector LDSS podría cerrarse de forma inesperada. Esto fue tratado en epan/disectores/packet-ldsss.c mediante el manejo adecuado de los archivos de digest. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-476: NULL Pointer Dereference •
CVE-2019-10900
https://notcve.org/view.php?id=CVE-2019-10900
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. En Wireshark 3.0.0, el disector Rbm podía entrar en un bucle infinito. Esto fue tratado en epan/disectors/file-rbm.c manejando tipos de objetos desconocidos de forma segura. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107836 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15612 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=26eee01f57f0a86fb375892c7937eac24ede4610 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R https:& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2019-10899
https://notcve.org/view.php?id=CVE-2019-10899
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector SRVLOC podría fallar. Esto se abordó en epan/disectors/packet-srvloc.c evitando una lectura insuficiente del búfer basado en pilas. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b16fea2f175a3297edac118c8844c7987d31c1cb https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-125: Out-of-bounds Read •
CVE-2019-10898
https://notcve.org/view.php?id=CVE-2019-10898
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. En Wireshark 3.0.0, el disector GSUP podía entrar en un bucle infinito. Esto fue tratado en epan/disectors/packet-gsm_gsup.c rechazando una longitud inválida del Elemento de Información. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107836 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15585 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f80b7d1b279fb6c13f640019a1bbc42b18bf7469 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R https:& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2019-10897
https://notcve.org/view.php?id=CVE-2019-10897
In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. En Wireshark 3.0.0, el disector IEEE 802.11 podía entrar en un bucle infinito. Esto se abordó en epan/disectores/packet-ieee80211.c mediante la detección de casos en los que el desplazamiento de bits no avanza. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107836 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15553 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=00d5e9e9fb377f52ab7696f25c1dbc011ef0244d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R https:& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •