CVE-2015-6243 – wireshark: Dissector table crash (wnpa-sec-2015-23)
https://notcve.org/view.php?id=CVE-2015-6243
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. Vulnerabilidad en la implementación dissector-table en epan/packet.c en Wireshark 1.12.x en versiones anteriores a 1.12.7, maneja incorrectamente las búsquedas de cadenas vacías en tablas, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un paquete manipulado, relacionado con las funciones (1) dissector_get_string_handle y (2) dissector_get_default_string_handle. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2015/dsa-3367 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76384 http://www.securitytracker.com/id • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVE-2015-6244 – wireshark: ZigBee dissector crash (wnpa-sec-2015-24)
https://notcve.org/view.php?id=CVE-2015-6244
The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_zbee_secure en epan/dissectors/packet-zbee-security.c en el disector ZigBee en Wireshark 1.12.x en versiones anteriores a 1.12.7, confía inadecuadamente en los campos de longitud contenidos en paquetes de datos, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un paquete manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2015/dsa-3367 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76383 http://www.securitytracker.com/id • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVE-2015-6245 – wireshark: GSM RLC/MAC dissector infinite loop (wnpa-sec-2015-25)
https://notcve.org/view.php?id=CVE-2015-6245
epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Vulnerabilidad en epan/dissectors/packet-gsm_rlcmac.c en el disector GSM RLC/MAC en Wireshark 1.12.x en versiones anteriores a 1.12.7, usa tipos de datos de enteros incorrectos, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un paquete manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2015/dsa-3367 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76382 http://www.securitytracker.com/id • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2015-6246 – wireshark: WaveAgent dissector crash (wnpa-sec-2015-26)
https://notcve.org/view.php?id=CVE-2015-6246
The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_wa_payload en epan/dissectors/packet-waveagent.c en el disector WaveAgent en Wireshark 1.12.x en versiones anteriores a 1.12.7, no maneja adecuadamente los valores de etiqueta grandes, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un paquete manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2015/dsa-3367 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76381 http://www.securitytracker.com/id • CWE-20: Improper Input Validation •
CVE-2015-6248 – wireshark: Ptvcursor crash (wnpa-sec-2015-28)
https://notcve.org/view.php?id=CVE-2015-6248
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función ptvcursor_add en la implementación ptvcursor en epan/proto.c en Wireshark 1.12.x en versiones anteriores a 1.12.7, no comprueba si la cantidad de datos esperada está disponible, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un paquete manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html http://www.debian.org/security/2015/dsa-3367 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76387 http://www.securitytracker.com/id • CWE-20: Improper Input Validation •