CVE-2016-7175
https://notcve.org/view.php?id=CVE-2016-7175
epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. epan/dissectors/packet-qnet6.c en el disector QNX6 QNET en Wireshark 2.x en versiones anteriores a 2.0.6 maneja de manera incorrecta datos de la dirección MAC, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un paquete manipulado. • http://www.securitytracker.com/id/1036760 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11850 https://code.wireshark.org/review/16965 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1396f6ad555178f6b81cc1a65f9cb37b2d99aebf https://www.wireshark.org/security/wnpa-sec-2016-50.html • CWE-125: Out-of-bounds Read •
CVE-2016-7177
https://notcve.org/view.php?id=CVE-2016-7177
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. epan/dissectors/packet-catapult-dct2000.c en el disector Catapult DCT2000 en Wireshark 2.x en versiones anteriores a 2.0.6 no restringe el número de canales, lo que permite a atacantes remotos provocar una denegación de servicio (sobrelectura de búfer y caída de la aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3671 http://www.securitytracker.com/id/1036760 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12750 https://code.wireshark.org/review/17096 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2e37b271c473e1cbd01d62ebe1f3b011fc9fe638 https://www.wireshark.org/security/wnpa-sec-2016-52.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7176
https://notcve.org/view.php?id=CVE-2016-7176
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. epan/dissectors/packet-h225.c en el disector H.225 en Wireshark 2.x en versiones anteriores a 2.0.6 llama a snprintf con uno de sus búfer de entrada como si fuera un búfer de salida, lo que permite a atacantes remotos provocar una denegación de servicio (superposición de copia y caída de la aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3671 http://www.securitytracker.com/id/1036760 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700 https://code.wireshark.org/review/16852 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6d8261994bb928b7e80e3a2478a3d939ea1ef373 https://www.wireshark.org/security/wnpa-sec-2016-51.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-5352
https://notcve.org/view.php?id=CVE-2016-5352
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. epan/crypt/airpdcap.c en el disector IEEE 802.11 en Wireshark 2.x en versiones anteriores a 2.0.4 no maneja correctamente ciertos valores de longitud, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://www.openwall.com/lists/oss-security/2016/06/09/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91140 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175 https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185 https://www.wireshark.org/security/wnpa-sec-2016-31.html • CWE-125: Out-of-bounds Read •
CVE-2016-5358
https://notcve.org/view.php?id=CVE-2016-5358
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. epan/dissectors/packet-pktap.c en el disector Ethernet en Wireshark 2.x en versiones anteriores a 2.0.4 no maneja correctamente el tipo de datos de paquetes de cabecera, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://www.openwall.com/lists/oss-security/2016/06/09/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91140 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440 https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7 https://www.wireshark.org/security/wnpa-sec-2016-37.html • CWE-20: Improper Input Validation •