CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2013-4077
https://notcve.org/view.php?id=CVE-2013-4077
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. Error de índice de array en el dissector NBAP en Wireshark v1.8.x anterior a v1.8.8 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un paquete especialmente diseñado, relacionado con nbap.cnf y packet-nbap.c • http://anonsvn.wireshark.org/viewvc?view=revision&revision=49418 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html http://www.wireshark.org/security/wnpa-sec-2013-3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4080
https://notcve.org/view.php?id=CVE-2013-4080
The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. La función dissect_r3_upstreamcommand_queryconfig en epan/dissectors/packet-assa_r3.c en el Assa Abloy R3 dissector en Wireshark 1.8.x anterior a 1.8.8, no maneja adecuadamente un elemento con tamaño zero, lo que permite a atacantes remotos provocar una denegación de servicio (bucle infinito y consumo de memoria y CPU) a través de un paquete manipulado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-assa_r3.c?r1=49744&r2=49743&pathrev=49744 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49744 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securityfocus.com/bid/60503 http://www.wi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 28EXPL: 0CVE-2013-4081 – wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39)
https://notcve.org/view.php?id=CVE-2013-4081
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. La función http_payload_subdissector en epan/dissectors/packet-http.c en el HTTP dissector en Wireshark 1.6.x anterior a 1.6.16 y 1.8.x anterior a 1.8.8, no determina adecuadamente cuando se utiliza una aproximación recursiva, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de pila) a través de un paquete manipulado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-http.c?r1=49623&r2=49622&pathrev=49623 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49623 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2014-0341.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gentoo.or • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 0%CPEs: 25EXPL: 0CVE-2013-4083 – wireshark: Invalid free in the DCP ETSI dissector (wnpa-sec-2013-41)
https://notcve.org/view.php?id=CVE-2013-4083
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_pft function en epan/dissectors/packet-dcp-etsi.c DCP ETS dissector I en Wireshark 1.6.x anterior a 1.6.16, 1.8.x anterior a 1.8.8, y 1.10.0, no valida adecuadamente el tamaño de los fragmentos, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete manipulado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=49802&r2=49801&pathrev=49802 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49802 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2014-0341.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54296 http://secunia.com/advisories/54425 http://www.debian.org/securit • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2013-4079
https://notcve.org/view.php?id=CVE-2013-4079
The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. La función dissect_schedule_message en epan/dissectors/packet-gsm_cbch.c GSM CBCH dissector en Wireshark 1.8.x anterior 1.8.8 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y cuelgue de aplicación) a través de un paquete manipulado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_cbch.c?r1=49686&r2=49685&pathrev=49686 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49686 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.wireshark.org/docs/relnotes/wireshark-1.8.8&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •