Page 5 of 44 results (0.051 seconds)

CVSS: 5.0EPSS: 0%CPEs: 41EXPL: 0

Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. Wireshark 1.0.4 y anteriores permite a atacantes remotos causar una denegación de servicio a través de una petición SMTP demasiado larga, lo que ocasiona un bucle infinito. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html http://secunia.com/advisories/32840 http://secunia.com/advisories/34144 http://securityreason.com/securityalert/4663 http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm http://wiki.rpath.com/Advisories:rPSA-2008-0336 http://www.mandriva.com/security/advisories?name=MDVSA-2008:242 http://www.openwall.com/lists/oss-security/2008/11/24/1 http://www.redhat.com/support/errata/RHSA-2009-0313.html h • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.0EPSS: 0%CPEs: 29EXPL: 0

Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. Wireshark (anteriormente Ethereal) 0.9.7 hasta 1.0.2, permite a los atacantes causar una denegación de servicio (cuelgue), a través de un paquete NCP manipulado que provoca un bucle infinito. • http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675 http://secunia.com/advisories/31864 http://secunia.com/advisories/31886 http://secunia.com/advisories/32028 http://secunia.com/advisories/32091 http://security.gentoo.org/glsa/glsa-200809-17.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278 http://www.mandriva.com/security/advisories?name=MDVSA-2008:199 http://www.redhat.com/support/errata/RHSA-2008 • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 10.0EPSS: 1%CPEs: 17EXPL: 0

Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. Múltiples desbordamientos de búfer en el archivo packet_ncp2222.inc en Wireshark (anteriormente Ethereal) versiones 0.9.7 hasta 1.0.2, permite a atacantes causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de un paquete NCP diseñado que causa que sea usado un puntero no válido. • http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31687 http://secunia.com/advisories/31864 http://secunia.com/advisories/31886 http://secunia.com/advisories/32028 http://secunia.com/advisories/32091 http://security.gentoo.org/glsa/glsa-200809-17.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278 http&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. La función fragment_add_work de epan/reassemble.c en Wireshark versiones 0.8.19 hasta la 1.0.1, permite a atacantes remotos provocar una denegación de servicio (caída) a través de series de paquetes fragmentados con valores de desplazamiento de fragmentación no secuencial, lo cual provoca una sobre-lectua del buffer. • http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31044 http://secunia.com/advisories/31085 http://secunia.com/advisories/31257 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020471 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. El analizador RTMPT en Wireshark (anteriormente Ethereal) 0.99.8 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores desconocidos. NOTA: esto puede ser debido a un eror "user-after-free" (uso después de liberación). • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212 http://www.securityfocus.com/archive/1/493882/100/0/threaded http://www.securityfocus • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •