CVE-2008-3933 – wireshark: crash triggered by zlib-compressed packet data
https://notcve.org/view.php?id=CVE-2008-3933
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. Aplicación Wireshark (conocida como Ehtereal) 0.10.14 a la v 1.0.2, permite a atacantes provocar una denegación de servicio (caída) a través de un paquete con datos zlib-compressed manipulados que lanzan una lectura errónea en la función tvb_uncompress. • http://secunia.com/advisories/31864 http://secunia.com/advisories/31886 http://secunia.com/advisories/32028 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200809-17.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278 http://www.debian.org/security/2008/dsa-1673 http://www.mandriva.com/security/advisories?name=MDVSA-2008:199 http://www.redhat. • CWE-20: Improper Input Validation •
CVE-2008-3146 – wireshark: multiple buffer overflows in NCP dissector
https://notcve.org/view.php?id=CVE-2008-3146
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. Múltiples desbordamientos de búfer en el archivo packet_ncp2222.inc en Wireshark (anteriormente Ethereal) versiones 0.9.7 hasta 1.0.2, permite a atacantes causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de un paquete NCP diseñado que causa que sea usado un puntero no válido. • http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31687 http://secunia.com/advisories/31864 http://secunia.com/advisories/31886 http://secunia.com/advisories/32028 http://secunia.com/advisories/32091 http://security.gentoo.org/glsa/glsa-200809-17.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3145 – wireshark: crash in the packet reassembling
https://notcve.org/view.php?id=CVE-2008-3145
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. La función fragment_add_work de epan/reassemble.c en Wireshark versiones 0.8.19 hasta la 1.0.1, permite a atacantes remotos provocar una denegación de servicio (caída) a través de series de paquetes fragmentados con valores de desplazamiento de fragmentación no secuencial, lo cual provoca una sobre-lectua del buffer. • http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31044 http://secunia.com/advisories/31085 http://secunia.com/advisories/31257 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020471 • CWE-20: Improper Input Validation •
CVE-2008-3141 – wireshark: memory disclosure in the RMI dissector
https://notcve.org/view.php?id=CVE-2008-3141
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. Vulnerabilidad sin especificar en el analizador RMI en Wireshark (anteriormente Ethereal) de la v0.9.5 a la v1.0.0, permite a atacantes remotos leer la memoria del sistema a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http:& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-3138 – wireshark: unexpected exit in the PANA and KISMET dissectors
https://notcve.org/view.php?id=CVE-2008-3138
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. Los analizadores (1) PANA y (2) KISMET en Wireshark (conocido como Ethereal) de la 0.99.3 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (parada de aplicación) a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http:& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •