CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-13765
https://notcve.org/view.php?id=CVE-2017-13765
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. En Wireshark 2.4.0, 2.2.0-2.2.8 y 2.0.0-2.0.14, el disector IrCOMM tiene una vulnerabilidad de sobrelectura de búfer y de fallo de aplicación. Esto se ha tratado en plugins/irda/packet-ircomm.c añadiendo una validación de longitud. • http://www.securityfocus.com/bid/100551 http://www.securitytracker.com/id/1039254 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=94666d4357096fc45e3bcad3d9414a14f0831bc8 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2017-41.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13764
https://notcve.org/view.php?id=CVE-2017-13764
In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. En Wireshark 2.4.0, el disector Modbus podría fallar con una desreferencia de puntero NULL. Esto se ha tratado en epan/dissectors/packet-mbtcp.c añadiendo una validación de longitud. • http://www.securityfocus.com/bid/100545 http://www.securitytracker.com/id/1039254 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b87ffbd12bddf64582c0a6e082b462744474de94 https://www.wireshark.org/security/wnpa-sec-2017-40.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2017-13767
https://notcve.org/view.php?id=CVE-2017-13767
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. En Wireshark 2.4.0, 2.2.0-2.2.8 y 2.0.0-2.0.14, el disector MSDP podría entrar en un bucle infinito. Esto se ha tratado en epan/dissectors/packet-msdp.c añadiendo una validación de longitud. • http://www.securityfocus.com/bid/100549 http://www.securitytracker.com/id/1039254 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6f18ace2a2683418a9368a8dfd92da6bd8213e15 https://www.wireshark.org/security/wnpa-sec-2017-38.html • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-11407
https://notcve.org/view.php?id=CVE-2017-11407
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. En Wireshark versión 2.2.0 hasta 2.2.7 y versión 2.0.0 hasta 2.0.13, el Disector MQ podría bloquearse. Esto se solucionó en epan/dissectors/packet-mq.c mediante la validación de longitud del fragmento anterior a un intento de reensamblaje. • http://www.securityfocus.com/bid/99910 http://www.securitytracker.com/id/1038966 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4e54dae7f0d7840836ee6d5ce1e688f152ab2978 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2017-35.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2017-11408
https://notcve.org/view.php?id=CVE-2017-11408
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. En Wireshark versión 2.2.0 hasta 2.2.7 y versión 2.0.0 hasta 2.0.13, el disector AMQP podría bloquearse. Esto fue abordado en el archivo epan/dissectors/packet-amqp.c mediante la comprobación de la disección list con éxito. • http://www.securityfocus.com/bid/99894 http://www.securitytracker.com/id/1038966 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a102c172b0b2fe231fdb49f4f6694603f5b93b0c https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba https://lists.debian.org/debian-lts-announce/2017/12/msg00029.html https://www.debian.org/security/2017/dsa-4060 https://www.wireshark.org/security/ • CWE-20: Improper Input Validation •