Page 67 of 484 results (0.010 seconds)

CVSS: 9.8EPSS: 30%CPEs: 12EXPL: 0

CVE-2017-5205 – tcpdump: multiple overflow issues in protocol decoding

https://notcve.org/view.php?id=CVE-2017-5205

The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). El analizador ISAKMP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-isakmp.c:ikev2_e_print(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2017-5205 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 30%CPEs: 12EXPL: 0

CVE-2017-5203 – tcpdump: multiple overflow issues in protocol decoding

https://notcve.org/view.php?id=CVE-2017-5203

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). El analizador BOOTP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-bootp.c:bootp_print(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2017-5203 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 30%CPEs: 12EXPL: 0

CVE-2017-5204 – tcpdump: multiple overflow issues in protocol decoding

https://notcve.org/view.php?id=CVE-2017-5204

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). El analizador IPv6 en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-ip6.c:ip6_print(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. • http://www.debian.org/security/2017/dsa-3775 http://www.securityfocus.com/bid/95852 http://www.securitytracker.com/id/1037755 https://access.redhat.com/errata/RHSA-2017:1871 https://security.gentoo.org/glsa/201702-30 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html https://access.redhat.com/security/cve/CVE-2017-5204 https://bugzilla.redhat.com/show_bug.cgi?id=1419066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 1%CPEs: 14EXPL: 0

CVE-2016-5824 – libical: Multiple use-after-free vulnerabilities

https://notcve.org/view.php?id=CVE-2016-5824

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. libical 1.0 permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) a través de un archivo ics manipulado. • http://www.openwall.com/lists/oss-security/2016/06/25/4 http://www.openwall.com/lists/oss-security/2017/01/20/16 http://www.securityfocus.com/bid/91459 https://access.redhat.com/errata/RHSA-2019:0269 https://access.redhat.com/errata/RHSA-2019:0270 https://bugzilla.mozilla.org/show_bug.cgi?id=1275400 https://github.com/libical/libical/issues/235 https://github.com/libical/libical/issues/251 https://github.com/libical/libical/issues/286 https://security.gentoo • CWE-416: Use After Free •

CVSS: 8.8EPSS: 2%CPEs: 14EXPL: 0

CVE-2017-5208 – icoutils: Check_offset overflow on 64-bit systems

https://notcve.org/view.php?id=CVE-2017-5208

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. Un desbordamiento de números enteros en el programa wrestool en icoutils en versiones anteriores a la 0.31.1 permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria) mediante un ejecutable manipulado. Esto desencadena una denegación de servicio (bloqueo de aplicación) o la posibilidad de ejecución de código arbitrario. A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution. • http://rhn.redhat.com/errata/RHSA-2017-0837.html http://www.debian.org/security/2017/dsa-3756 http://www.openwall.com/lists/oss-security/2017/01/08/5 http://www.securityfocus.com/bid/95315 https://bugzilla.redhat.com/show_bug.cgi?id=1411251 https://security.gentoo.org/glsa/201801-12 https://access.redhat.com/security/cve/CVE-2017-5208 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •