CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2015-8730 – Wireshark - dissect_nbap_MACdPDU_Size SIGSEGV
https://notcve.org/view.php?id=CVE-2015-8730
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. epan/dissectors/packet-nbap.c en el disector NBAP en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida el número de elementos, lo que permite a atacantes remotos causar una denegación de servicio (operación de lectura no válida y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/38999 http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79382 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-48.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d2644aef369af0667220b5bd69996915b29d753d https://security.gentoo.o • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2015-8731 – Wireshark - dissct_rsl_ipaccess_msg Static Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2015-8731
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. La función dissct_rsl_ipaccess_msg en epan/dissectors/packet-rsl.c en el disector RSL en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no rechaza tipos TLV desconocidos, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/38996 http://www.debian.org/security/2016/dsa-3516 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79382 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-49.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0 https://security.gentoo.o • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2015-8732 – Wireshark - dissect_zcl_pwr_prof_pwrprofstatersp Static Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2015-8732
The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. La función dissect_zcl_pwr_prof_pwrprofstatersp en epan/dissectors/packet-zbee-zcl-general.c en el disector ZigBee ZCL en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida el campo Total Profile Number, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/38995 http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79382 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-50.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9352616ec9742f2ed3d2802d0c8c100d51ca410b https://code.wireshark.or • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2015-8733 – Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2015-8733
The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. La función ngsniffer_process_record en wiretap/ngsniffer.c en el analizador de archivo Sniffer en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida las relaciones entre la longitud de los registros y la longitud de las cabeceras de los registros, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un archivo manipulado. • https://www.exploit-db.com/exploits/39076 http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79814 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-51.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=53a3e53fce30523d11ab3df319fba7b75d63076f https://security.gentoo.o • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8734
https://notcve.org/view.php?id=CVE-2015-8734
The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_nwp en epan/dissectors/packet-nwp.c en el disector NWP en Wireshark 2.0.x en versiones anteriores a 2.0.1 no maneja correctamente el tipo de paquete, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-52.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11726 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9b2c889abe0219fc162659e106c5b95deb6268f3 https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •