CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-9354
https://notcve.org/view.php?id=CVE-2017-9354
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. En Wireshark de 2.2.0 a 2.2.6 y 2.0.0 y 2.0.0 a 2.0.12, el disector RGMP podría caer. Esto fue dirigido a epan/dissectors/packet-rgmp.c mediante la validación de una dirección IPv4. • http://www.securityfocus.com/bid/98802 http://www.securitytracker.com/id/1038612 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1243 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=3a77395e651acd81eb41ffd8fbdbf711e1133d76 https://www.wireshark.org/security/wnpa-sec-2017-32.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-9345
https://notcve.org/view.php?id=CVE-2017-9345
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. En Wireshark versión 2.2.0 hasta 2.2.6 y versión 2.0.0 hasta 2.0.12, el disector DNS podría entrar en un bucle infinito. Esto se ha dirigido a epan/dissectors/packet-dns.c al tratar de detectar autoreferencia de punteros. • http://www.securityfocus.com/bid/98798 http://www.securitytracker.com/id/1038612 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1206 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e280c9b637327a65d132bfe72d917b87e6844eb5 https://www.wireshark.org/security/wnpa-sec-2017-26.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2017-9347 – Wireshark 2.2.0 < 2.2.12 - ROS Dissector Denial of Service
https://notcve.org/view.php?id=CVE-2017-9347
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. En Wireshark versión 2.2.0 hasta 2.2.6, el disector ROS podría bloquearse con una desreferencia de puntero NULL. Esto fue dirigido en el archivo epan/dissectors/asn1/ros/packet-ros-template.c mediante la validación de un OID. Wireshark versions 2.2.0 through 2.2.12 suffer from a ROS dissector denial of service vulnerability. • https://www.exploit-db.com/exploits/42124 http://www.securityfocus.com/bid/98800 http://www.securitytracker.com/id/1038612 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1216 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=278e52f26e7e1a23f8d2e8ed98693328c992bdce https://www.wireshark.org/security/wnpa-sec-2017-31.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-9351
https://notcve.org/view.php?id=CVE-2017-9351
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. Fue encontrada una Vulnerabilidad en Wireshark versión 2.2.0 hasta 2.2.6 y versión 2.0.0 hasta 2.0.12, el disector DHCP pudo leer más allá del final de un búfer. Esto se solucionó en EPAN/dissectors/Packet-BOOTP.c mediante extracción del identificador de clase de proveedor con más detenimiento. • http://www.securityfocus.com/bid/98808 http://www.securitytracker.com/id/1038612 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1153 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1183 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13628 https://code.wireshark.org/review/gitweb? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2017-7747
https://notcve.org/view.php?id=CVE-2017-7747
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. En Wireshark 2.2.0 a 2.2.5 y 2.0.0 a 2.0.11, el disector PacketBB podría caer, desencadenado por un paquete de inyección o un archivo de captura mal formado. Esto se trató en epan/dissectors/packet-packetbb.c restringiendo las adiciones al árbol de protocolo. • http://www.securityfocus.com/bid/97638 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13559 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5cfd52d6629cf8a7ab67c6bacd3431a964f43584 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2017-18.html • CWE-20: Improper Input Validation •