CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8716
https://notcve.org/view.php?id=CVE-2015-8716
The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función init_t38_info_conv en epan/dissectors/packet-t38.c en el disector T.38 en Wireshark 1.12.x en versiones anteriores a 1.12.9 no asegura que exista una conversación, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79816 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-35.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=eb6ccb1b0c4ad02b828652c3fe6e8d51c30a315e https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8722
https://notcve.org/view.php?id=CVE-2015-8722
epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. epan/dissectors/packet-sctp.c en el disector SCTP en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida el puntero del frame, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79814 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-41.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11767 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1b32d505a59475d51d9b2bed5f0869d2d154e8b6 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh&# • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2015-8730 – Wireshark - dissect_nbap_MACdPDU_Size SIGSEGV
https://notcve.org/view.php?id=CVE-2015-8730
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. epan/dissectors/packet-nbap.c en el disector NBAP en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida el número de elementos, lo que permite a atacantes remotos causar una denegación de servicio (operación de lectura no válida y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/38999 http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79382 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-48.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d2644aef369af0667220b5bd69996915b29d753d https://security.gentoo.o • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8737
https://notcve.org/view.php?id=CVE-2015-8737
The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. La función mp2t_open en wiretap/mp2t.c en el analizador de archivo MP2T en Wireshark 2.0.x en versiones anteriores a 2.0.1 no valida la tasa de bits, lo que permite a atacantes remotos causar una denegación de servicio (error de división por cero y caída de aplicación) a través de un archivo manipulado. • http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-55.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11821 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e3fc691368af60bbbaec9e038ee6a6d3b7707955 https://security.gentoo.org/glsa/201604-05 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2015-8723 – Wireshark - AirPDcapPacketProcess Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-8723
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. La función AirPDcapPacketProcess en epan/crypt/airpdcap.c en el disector 802.11 en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida la relación entre la longitud total y la longitud de caputra, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer basado en pila y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/39005 http://www.debian.org/security/2016/dsa-3505 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/79382 http://www.securitytracker.com/id/1034551 http://www.wireshark.org/security/wnpa-sec-2015-42.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=40b283181c63cb28bc6f58d80315eccca6650da0 https://security.gentoo.o • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •