CVE-2018-19622 – wireshark: Infinite loop in the MMSE dissector
https://notcve.org/view.php?id=CVE-2018-19622
29 Nov 2018 — In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. A vulnerability in MMSE dissector allows Wireshark to loop infinitely when parsing a specially crafted pcap fi... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-19626 – Debian Security Advisory 4359-1
https://notcve.org/view.php?id=CVE-2018-19626
29 Nov 2018 — In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-125: Out-of-bounds Read • CWE-908: Use of Uninitialized Resource •
CVE-2018-19625 – Debian Security Advisory 4359-1
https://notcve.org/view.php?id=CVE-2018-19625
29 Nov 2018 — In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of serv... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVE-2018-18226 – Debian Security Advisory 4359-1
https://notcve.org/view.php?id=CVE-2018-18226
12 Oct 2018 — In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. Multiple vulnerabilities have been discovered in Wireshark, a network protocol an... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-18225 – Debian Security Advisory 4359-1
https://notcve.org/view.php?id=CVE-2018-18225
12 Oct 2018 — In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or t... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-682: Incorrect Calculation •
CVE-2018-18227 – Debian Security Advisory 4359-1
https://notcve.org/view.php?id=CVE-2018-18227
12 Oct 2018 — In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. Multiple vulnerabilities have been discovered in Wireshark, a network protocol analy... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-476: NULL Pointer Dereference •
CVE-2018-16057 – wireshark: Radiotap dissector crash
https://notcve.org/view.php?id=CVE-2018-16057
30 Aug 2018 — In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. The wireshark packages contain a net... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-20: Improper Input Validation •
CVE-2018-16056
https://notcve.org/view.php?id=CVE-2018-16056
30 Aug 2018 — In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html •
CVE-2018-16058
https://notcve.org/view.php?id=CVE-2018-16058
30 Aug 2018 — In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-665: Improper Initialization •
CVE-2018-14438
https://notcve.org/view.php?id=CVE-2018-14438
20 Jul 2018 — In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. • http://www.securityfocus.com/bid/104876 • CWE-20: Improper Input Validation •