CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-7176
https://notcve.org/view.php?id=CVE-2016-7176
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. epan/dissectors/packet-h225.c en el disector H.225 en Wireshark 2.x en versiones anteriores a 2.0.6 llama a snprintf con uno de sus búfer de entrada como si fuera un búfer de salida, lo que permite a atacantes remotos provocar una denegación de servicio (superposición de copia y caída de la aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3671 http://www.securitytracker.com/id/1036760 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700 https://code.wireshark.org/review/16852 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6d8261994bb928b7e80e3a2478a3d939ea1ef373 https://www.wireshark.org/security/wnpa-sec-2016-51.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5352
https://notcve.org/view.php?id=CVE-2016-5352
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. epan/crypt/airpdcap.c en el disector IEEE 802.11 en Wireshark 2.x en versiones anteriores a 2.0.4 no maneja correctamente ciertos valores de longitud, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://www.openwall.com/lists/oss-security/2016/06/09/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91140 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175 https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185 https://www.wireshark.org/security/wnpa-sec-2016-31.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5358
https://notcve.org/view.php?id=CVE-2016-5358
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. epan/dissectors/packet-pktap.c en el disector Ethernet en Wireshark 2.x en versiones anteriores a 2.0.4 no maneja correctamente el tipo de datos de paquetes de cabecera, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://www.openwall.com/lists/oss-security/2016/06/09/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91140 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440 https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7 https://www.wireshark.org/security/wnpa-sec-2016-37.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-6513
https://notcve.org/view.php?id=CVE-2016-6513
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. epan/dissectors/packet-wbxml.c en el disector WBXML en Wireshark 2.x en versiones anteriores a 2.0.5 no restringe la profundidad de repercusión, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://openwall.com/lists/oss-security/2016/07/28/3 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-49.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=347f071f1b9180563c28b0f3d0627b91eb456c72 • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 1%CPEs: 5EXPL: 1CVE-2016-6512 – Wireshark 2.0.0 < 2.0.4 - MMSE / WAP / WBXML / WSP Dissectors Denial of Service
https://notcve.org/view.php?id=CVE-2016-6512
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. epan/dissectors/packet-wap.c in Wireshark 2.x en versiones anteriores a 2.0.5 omite una comprobación de desbordamiento en la función tvb_get_guintvar, lo que permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete manipulado, relacionado con los disertores MMSE, WAP, WBXML y WSP. • https://www.exploit-db.com/exploits/40195 http://openwall.com/lists/oss-security/2016/07/28/3 http://www.securityfocus.com/bid/92174 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-48.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2193bea3212d74e2a907152055e27d409b59485e • CWE-20: Improper Input Validation •