CVE-2016-6511
https://notcve.org/view.php?id=CVE-2016-6511
epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. epan/proto.c en Wireshark 1.12.x en versiones anteriores a 1.12.13 y 2.x en versiones anteriores a 2.0.5 permite a atacantes remotos provocar una denegación de servicio (bucle grande de disector OpenFlow) a través de un paquete manipulado. • http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-47.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=56706427f53cc64793870bf072c2c06248ae88f3 • CWE-399: Resource Management Errors •
CVE-2016-6504 – Wireshark 1.12.0 < 1.12.12 - NDS Dissector Denial of Service
https://notcve.org/view.php?id=CVE-2016-6504
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. epan/dissectors/packet-ncp2222.inc en el disector NDS en Wireshark 1.12.x en versiones anteriores a 1.12.13 no mantiene adecuadamente una estructura de datos ptvc, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/40194 http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securityfocus.com/bid/92164 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-40.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9eacbb4d48df647648127b9258f9e5aeeb0c7d99 • CWE-476: NULL Pointer Dereference •
CVE-2016-6508
https://notcve.org/view.php?id=CVE-2016-6508
epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. epan/dissectors/packet-rlc.c en el disector RLC en Wireshark 1.12.x en versiones anteriores a 1.12.13 y 2.x en versiones anteriores a 2.0.5 utiliza un tipo de datos de entero incorrecto, lo que permite a atacantes remotos provocar una denegación de servicio (bucle grande) a través de un paquete manipulado. • http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-44.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6cf9616df68a4db7e436bb77392586ff9ad84feb • CWE-399: Resource Management Errors •
CVE-2016-6507
https://notcve.org/view.php?id=CVE-2016-6507
epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. epan/dissectors/packet-mmse.c en el disector MMSE en Wireshark 1.12.x en versiones anteriores a 1.12.13 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete manipulado. • http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-43.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b5a10743258bd016c07ebf6479137fda3d172a0f • CWE-399: Resource Management Errors •
CVE-2016-5356
https://notcve.org/view.php?id=CVE-2016-5356
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. wiretap/cosine.c en el analizador de archivo CoSine en Wireshark 1.12.x en versiones anteriores a 1.12.12 y 2.x en versiones anteriores a 2.0.4 no maneja correctamente procesamiento sin signo de entero sscanf, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo manipulado. • http://www.debian.org/security/2016/dsa-3615 http://www.openwall.com/lists/oss-security/2016/06/09/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91140 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395 https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500 https://www.wireshark.org/security/wnpa-sec-2016-35.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •