CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6014
https://notcve.org/view.php?id=CVE-2017-6014
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. En Wireshark 2.2.4 y versiones anteriores, un archivo de captura STANAG 4607 manipulado o mal formado causará un bucle infinito y agotamiento de memoria. Si el campo de tamaño de paquete en un encabezado de paquete es nulo, el desplazamiento a leer no avanzará, provocando intentos continuos para leer el mismo paquete de longitud cero. • http://www.debian.org/security/2017/dsa-3811 http://www.securityfocus.com/bid/96284 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416 https://security.gentoo.org/glsa/201706-12 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.9EPSS: 1%CPEs: 13EXPL: 1CVE-2016-6504 – Wireshark 1.12.0 < 1.12.12 - NDS Dissector Denial of Service
https://notcve.org/view.php?id=CVE-2016-6504
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. epan/dissectors/packet-ncp2222.inc en el disector NDS en Wireshark 1.12.x en versiones anteriores a 1.12.13 no mantiene adecuadamente una estructura de datos ptvc, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/40194 http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securityfocus.com/bid/92164 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-40.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9eacbb4d48df647648127b9258f9e5aeeb0c7d99 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 1%CPEs: 18EXPL: 1CVE-2016-6505 – Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - PacketBB Dissector Denial of Service
https://notcve.org/view.php?id=CVE-2016-6505
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. epan/dissectors/packet-packetbb.c en el disector PacketBB en Wireshark 1.12.x en versiones anteriores a 1.12.13 y 2.x en versiones anteriores a 2.0.5 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/40197 http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securityfocus.com/bid/92163 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-41.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=94e97e45cf614c7bb8fe90c23df52910246b2c95 • CWE-369: Divide By Zero •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2016-6506
https://notcve.org/view.php?id=CVE-2016-6506
epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. epan/dissectors/packet-wsp.c en el disector WSP en Wireshark 1.12.x en versiones anteriores a 1.12.13 y 2.x en versiones anteriores a 2.0.5 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete manipulado. • http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-42.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a9d5256890c9189c7461bfce6ed6edce5d861499 • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2016-6507
https://notcve.org/view.php?id=CVE-2016-6507
epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. epan/dissectors/packet-mmse.c en el disector MMSE en Wireshark 1.12.x en versiones anteriores a 1.12.13 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete manipulado. • http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-43.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b5a10743258bd016c07ebf6479137fda3d172a0f • CWE-399: Resource Management Errors •