Page 2 of 38 results (0.021 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file El fallo del disector GVCP en Wireshark 4.2.0, 4.0.0 a 4.0.11 y 3.6.0 a 3.6.19 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/wireshark/wireshark/-/issues/19496 https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V https://www.wireshark.org/security/wnpa-sec-2024-01.html • CWE-230: Improper Handling of Missing Values CWE-674: Uncontrolled Recursion •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file La falla del analizador de archivos NetScreen en Wireshark 4.0.0 a 4.0.10 y 3.6.0 a 3.6.18 permite la denegación de servicio a través de un archivo de captura manipulado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must open a specially crafted packet capture file. The specific flaw exists within the parsing of packet capture files in the NetScreen format. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://gitlab.com/wireshark/wireshark/-/issues/19404 https://www.wireshark.org/security/wnpa-sec-2023-29.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file La falla del disector SSH en Wireshark 4.0.0 a 4.0.10 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/wireshark/wireshark/-/issues/19369 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V https://security.gentoo.org/glsa/202402-09 https://www.debian.org/security/2023/dsa-5559 https://www.wireshark.org/security/wnpa-sec-2023-28.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file La pérdida de memoria del disector RTPS en Wireshark 4.0.0 a 4.0.8 y 3.6.0 a 3.6.16 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado. • https://gitlab.com/wireshark/wireshark/-/issues/19322 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V https://security.gentoo.org/glsa/202402-09 https://www.wireshark.org/security/wnpa-sec-2023-27.html • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. Debido a un error al validar la longitud proporcionada por un paquete CP2179 creado por un atacante, las versiones de Wireshark 2.0.0 a 4.0.7 son susceptibles a una división por cero, lo que permite un ataque de denegación de servicio. • https://gitlab.com/wireshark/wireshark/-/issues/19229 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ https://takeonme.org/cves/CVE-2023-2906.html • CWE-369: Divide By Zero •