Page 2 of 56 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. En Wireshark 2.2.4 y versiones anteriores, un archivo de captura STANAG 4607 manipulado o mal formado causará un bucle infinito y agotamiento de memoria. Si el campo de tamaño de paquete en un encabezado de paquete es nulo, el desplazamiento a leer no avanzará, provocando intentos continuos para leer el mismo paquete de longitud cero. • http://www.debian.org/security/2017/dsa-3811 http://www.securityfocus.com/bid/96284 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416 https://security.gentoo.org/glsa/201706-12 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.0EPSS: 7%CPEs: 28EXPL: 3

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_capwap_data en epan/dissectors/packet-capwap.c en el dissector CAPWAP en Wireshark v1.6.x anterior a v1.6.16 y v1.8.x anterior a v1.8.8 usa incorrectamente un valor de -1 para representar un error de condición, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un paquete especialmente diseñado. • https://www.exploit-db.com/exploits/33556 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-capwap.c?r1=43716&r2=43715&pathrev=43716 http://anonsvn.wireshark.org/viewvc?view=revision&revision=43716 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://osvdb.org/show/osvdb/94091 http://packetstormsecurity.com/files/126848/Wireshark-CAPWAP-Dissector-Denial-Of-Service.html http://secunia.com/advisories&#x • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 0%CPEs: 28EXPL: 0

The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. La función http_payload_subdissector en epan/dissectors/packet-http.c en el HTTP dissector en Wireshark 1.6.x anterior a 1.6.16 y 1.8.x anterior a 1.8.8, no determina adecuadamente cuando se utiliza una aproximación recursiva, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de pila) a través de un paquete manipulado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-http.c?r1=49623&r2=49622&pathrev=49623 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49623 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2014-0341.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gentoo.or • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.8EPSS: 0%CPEs: 25EXPL: 0

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_pft function en epan/dissectors/packet-dcp-etsi.c DCP ETS dissector I en Wireshark 1.6.x anterior a 1.6.16, 1.8.x anterior a 1.8.8, y 1.10.0, no valida adecuadamente el tamaño de los fragmentos, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=49802&r2=49801&pathrev=49802 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49802 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2014-0341.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54296 http://secunia.com/advisories/54425 http://www.debian.org/securit • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 1

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. La función dissect_ber_choice en epan/dissectors/packet-ber.c en el disector ASN.1 BER en Wireshark v1.6.x antes de v1.6.15 y v1.8.x antes de v1.8.7 no inicializa correctamente una determinada variable, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete mal formado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ber.c?r1=48944&r2=48943&pathrev=48944 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48944 http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2014-0341.html http://secunia. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •