CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9344
https://notcve.org/view.php?id=CVE-2017-9344
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. En Wireshark versión 2.2.0 hasta 2.2.6 y versión 2.0.0 hasta 2.0.12, el disector Bluetooth L2CAP podría dividirse por cero. Esto se abordó en epan/dissectors/packet-btl2cap.c mediante la comprobación de un valor de intervalo. • http://www.securityfocus.com/bid/98796 http://www.securitytracker.com/id/1038612 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1539 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6308ae03d82a29a2e3d75e1c325c8a9f6c44dcdf https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html https://www.wireshark.org/security/wnpa-sec-2017-29.html • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-9346
https://notcve.org/view.php?id=CVE-2017-9346
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. En Wireshark versión 2.2.0 hasta 2.2.6 y versión 2.0.0 hasta 2.0.12, el disector SoulSeek podría entrar en un bucle infinito. Esto se ha dirigido a epan/dissectors/packet-slsk.c haciendo que los límites del bucle sean más explícitos. • http://www.securityfocus.com/bid/98799 http://www.securitytracker.com/id/1038612 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1200 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6c0bd15bd46a95c5b7dce02fe23c594429bb6c7e https://www.wireshark.org/security/wnpa-sec-2017-25.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2017-9347 – Wireshark 2.2.0 < 2.2.12 - ROS Dissector Denial of Service
https://notcve.org/view.php?id=CVE-2017-9347
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. En Wireshark versión 2.2.0 hasta 2.2.6, el disector ROS podría bloquearse con una desreferencia de puntero NULL. Esto fue dirigido en el archivo epan/dissectors/asn1/ros/packet-ros-template.c mediante la validación de un OID. Wireshark versions 2.2.0 through 2.2.12 suffer from a ROS dissector denial of service vulnerability. • https://www.exploit-db.com/exploits/42124 http://www.securityfocus.com/bid/98800 http://www.securitytracker.com/id/1038612 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1216 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=278e52f26e7e1a23f8d2e8ed98693328c992bdce https://www.wireshark.org/security/wnpa-sec-2017-31.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2017-9353 – Wireshark 2.2.6 - IPv6 Dissector Denial of Service
https://notcve.org/view.php?id=CVE-2017-9353
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. Fue encontrada una Vulnerabilidad en Wireshark versión 2.2.0 hasta la versión 2.2.6, el disector IPv6 puede fallar. Esto se solucionó en EPAN/dissectors/Packet-IPv6.c comprobando una dirección IPv6. Wireshark version 2.2.6 suffers from an IPv6 dissector denial of service vulnerability. • https://www.exploit-db.com/exploits/42123 http://www.securityfocus.com/bid/98805 http://www.securitytracker.com/id/1038612 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1303 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=40b2d475c2ad550c1a0f536d5eb30f2a7404c4f0 https://www.wireshark.org/security/wnpa-sec-2017-33.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-7745
https://notcve.org/view.php?id=CVE-2017-7745
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. En Wireshark 2.2.0 a 2.2.5 y 2.0.0 a 2.0.11, el disector SIGCOMP podría entrar en un bucle infinito, desencadenado por un paquete de inyección o un archivo de captura mal formado. Esto se trató en epan/dissectors/packet-sigcomp.c mediante la corrección de una comprobación del tamaño de la memoria. • http://www.securityfocus.com/bid/97627 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0 https://www.wireshark.org/security/wnpa-sec-2017-20.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •