Page 56 of 672 results (0.008 seconds)

CVSS: 5.9EPSS: 1%CPEs: 13EXPL: 1

epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. epan/dissectors/packet-ncp2222.inc en el disector NDS en Wireshark 1.12.x en versiones anteriores a 1.12.13 no mantiene adecuadamente una estructura de datos ptvc, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un paquete manipulado. • https://www.exploit-db.com/exploits/40194 http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securityfocus.com/bid/92164 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-40.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9eacbb4d48df647648127b9258f9e5aeeb0c7d99 • CWE-476: NULL Pointer Dereference •

CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0

epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. epan/dissectors/packet-rlc.c en el disector RLC en Wireshark 1.12.x en versiones anteriores a 1.12.13 y 2.x en versiones anteriores a 2.0.5 utiliza un tipo de datos de entero incorrecto, lo que permite a atacantes remotos provocar una denegación de servicio (bucle grande) a través de un paquete manipulado. • http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-44.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6cf9616df68a4db7e436bb77392586ff9ad84feb • CWE-399: Resource Management Errors •

CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0

epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. epan/dissectors/packet-mmse.c en el disector MMSE en Wireshark 1.12.x en versiones anteriores a 1.12.13 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete manipulado. • http://openwall.com/lists/oss-security/2016/07/28/3 http://www.debian.org/security/2016/dsa-3648 http://www.securitytracker.com/id/1036480 http://www.wireshark.org/security/wnpa-sec-2016-43.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b5a10743258bd016c07ebf6479137fda3d172a0f • CWE-399: Resource Management Errors •

CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0

wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. wiretap/toshiba.c en el analizador de archivo Toshiba en Wireshark 1.12.x en versiones anteriores a 1.12.12 y 2.x en versiones anteriores a 2.0.4 no maneja correctamente procesamiento sin signo de entero sscanf, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo manipulado. • http://www.debian.org/security/2016/dsa-3615 http://www.openwall.com/lists/oss-security/2016/06/09/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91140 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12394 https://github.com/wireshark/wireshark/commit/3270dfac43da861c714df76513456b46765ff47f https://github.com/wireshark/wireshark/commit/5efb45231671baa2db2011d8f67f9d6e72bc455b https://www.wireshark.org/security/wnpa-sec-2016-34.html • CWE-20: Improper Input Validation •

CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. wiretap/cosine.c en el analizador de archivo CoSine en Wireshark 1.12.x en versiones anteriores a 1.12.12 y 2.x en versiones anteriores a 2.0.4 no maneja correctamente procesamiento sin signo de entero sscanf, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo manipulado. • http://www.debian.org/security/2016/dsa-3615 http://www.openwall.com/lists/oss-security/2016/06/09/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91140 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395 https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500 https://www.wireshark.org/security/wnpa-sec-2016-35.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •