CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2013-4076
https://notcve.org/view.php?id=CVE-2013-4076
Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Desbordamiento de búfer en la función dissect_iphc_crtp_fh en epan/dissectors/packet-ppp.c en el dissector PPP en Wireshark v1.8.x anterior a v1.8.8 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un paquete especialmente diseñado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=46128&r2=46127&pathrev=46128 http://anonsvn.wireshark.org/viewvc?view=revision&revision=46128 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2013-4078
https://notcve.org/view.php?id=CVE-2013-4078
epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. epan/dissectors/packet-rdp.c en el dissector RDP en Wireshark v1.8.x anterior a v1.8.8 no valida el valor de retorno durante la comprobación de la disponibilidad de datos, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un paquete especialmente diseñado. • http://anonsvn.wireshark.org/viewvc?view=revision&revision=45566 http://anonsvn.wireshark.org/viewvc?view=revision&revision=46158 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.wireshark.org/docs/relnotes/wireshark-1.8& • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2013-4077
https://notcve.org/view.php?id=CVE-2013-4077
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. Error de índice de array en el dissector NBAP en Wireshark v1.8.x anterior a v1.8.8 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un paquete especialmente diseñado, relacionado con nbap.cnf y packet-nbap.c • http://anonsvn.wireshark.org/viewvc?view=revision&revision=49418 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html http://www.wireshark.org/security/wnpa-sec-2013-3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4080
https://notcve.org/view.php?id=CVE-2013-4080
The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. La función dissect_r3_upstreamcommand_queryconfig en epan/dissectors/packet-assa_r3.c en el Assa Abloy R3 dissector en Wireshark 1.8.x anterior a 1.8.8, no maneja adecuadamente un elemento con tamaño zero, lo que permite a atacantes remotos provocar una denegación de servicio (bucle infinito y consumo de memoria y CPU) a través de un paquete manipulado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-assa_r3.c?r1=49744&r2=49743&pathrev=49744 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49744 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securityfocus.com/bid/60503 http://www.wi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 28EXPL: 0CVE-2013-4081 – wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39)
https://notcve.org/view.php?id=CVE-2013-4081
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. La función http_payload_subdissector en epan/dissectors/packet-http.c en el HTTP dissector en Wireshark 1.6.x anterior a 1.6.16 y 1.8.x anterior a 1.8.8, no determina adecuadamente cuando se utiliza una aproximación recursiva, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de pila) a través de un paquete manipulado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-http.c?r1=49623&r2=49622&pathrev=49623 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49623 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2014-0341.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gentoo.or • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •