
CVE-2014-6424 – wireshark: Netflow dissector crash (wnpa-sec-2014-14)
https://notcve.org/view.php?id=CVE-2014-6424
20 Sep 2014 — The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-6429 – wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
https://notcve.org/view.php?id=CVE-2014-6429
20 Sep 2014 — The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-20: Improper Input Validation

CVE-2014-6421 – wireshark: RTP dissector crash (wnpa-sec-2014-12)
https://notcve.org/view.php?id=CVE-2014-6421
20 Sep 2014 — Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. • http://linux.oracle.com/errata/ELSA-2014-1676 • CWE-416: Use After Free

CVE-2014-5163 – Gentoo Linux Security Advisory 201409-01
https://notcve.org/view.php?id=CVE-2014-5163
01 Aug 2014 — The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-5161 – Gentoo Linux Security Advisory 201409-01
https://notcve.org/view.php?id=CVE-2014-5161
01 Aug 2014 — The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-5165 – Gentoo Linux Security Advisory 201409-01
https://notcve.org/view.php?id=CVE-2014-5165
01 Aug 2014 — The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-5164 – Gentoo Linux Security Advisory 201409-01
https://notcve.org/view.php?id=CVE-2014-5164
01 Aug 2014 — The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-5162 – Gentoo Linux Security Advisory 201409-01
https://notcve.org/view.php?id=CVE-2014-5162
01 Aug 2014 — The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-4020 – Gentoo Linux Security Advisory 201406-33
https://notcve.org/view.php?id=CVE-2014-4020
18 Jun 2014 — The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. • http://lists.opensuse.org/opensuse-updates/2014-06/msg00049.html • CWE-189: Numeric Errors

CVE-2014-4174 – Gentoo Linux Security Advisory 201406-33
https://notcve.org/view.php?id=CVE-2014-4174
18 Jun 2014 — wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. • http://anonsvn.wireshark.org/viewvc/trunk-1.10/wiretap/libpcap.c?r1=53123&r2=53122&pathrev=53123 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer