CVE-2013-4075 – wireshark: DoS (crash) in the GMR-1 BCCH dissector (wnpa-sec-2013-33)
https://notcve.org/view.php?id=CVE-2013-4075
epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. epan/dissectors/packet-gmr1_bcch.c en el dissector GMR-1 BCCH en Wireshark v1.8.x anterior a v1.8.8 no inicializa correctamente memoria, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un paquetes especialmente diseñado. A flaw was found in GMR (Geo-Mobile Radio) 1 BCCH protocol dissector of wireshark which an attacker can trigger a denial of service attack and crash wireshark by sending a specially crafted packet onto the wire or by convincing wireshark user to read malformed packet trace file. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674 http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2017-0631.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gent • CWE-399: Resource Management Errors •
CVE-2013-3561 – wireshark: Multiple Denial of Service flaws
https://notcve.org/view.php?id=CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. Múltiples desbordamientos de enteros en Wireshark v1.8.x antes de v1.8.7 permite a atacantes remotos provocar una denegación de servicio (bucle o caída de aplicación) a través de un paquete mal formado, en relación con una caída del disector Websocket, un bucle infinito en el disector de MySQL, y un gran bucle en el disector ETCH. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336 http://anonsvn.wireshark.org/viewvc? • CWE-189: Numeric Errors •
CVE-2013-3557 – wireshark: DoS (crash) in the ASN.1 BER dissector (wnpa-sec-2013-25, upstream #8599)
https://notcve.org/view.php?id=CVE-2013-3557
The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. La función dissect_ber_choice en epan/dissectors/packet-ber.c en el disector ASN.1 BER en Wireshark v1.6.x antes de v1.6.15 y v1.8.x antes de v1.8.7 no inicializa correctamente una determinada variable, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete mal formado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ber.c?r1=48944&r2=48943&pathrev=48944 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48944 http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2014-0341.html http://secunia. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3559 – wireshark: DoS (crash) in the DCP ETSI dissector (wnpa-sec-2013-27, upstream #8231, #8540, #8541)
https://notcve.org/view.php?id=CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. epan/dissectors/packet-dcp-etsi.c en el disector DCP ETSI en Wireshar v1.8.x antes de v1.8.7 utiliza tipos de datos enteros incorrectos, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de enteros y corrupción de memoria dinámica o referencia a un puntero NULL y caída de aplicación) a través de un paquete mal formado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=48644&r2=48643&pathrev=48644 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48644 http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://rhn.redhat.com/errata/RHSA-2014-0341.html http://sec • CWE-189: Numeric Errors •
CVE-2013-3560
https://notcve.org/view.php?id=CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. La función dissect_dsmcc_un_download en epan/dissectors/packet-mpeg-dsmcc.c en el disector MPEG DSM-CC en Wireshark v1.8.x antes de v1.8.7 utiliza una cadena de formato incorrecto, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete mal formado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mpeg-dsmcc.c?r1=48332&r2=48331&pathrev=48332 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48332 http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53425 http://secunia.com/advisorie • CWE-134: Use of Externally-Controlled Format String •