CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5334 – Debian Security Advisory 4101-1
https://notcve.org/view.php?id=CVE-2018-5334
11 Jan 2018 — In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. En Wireshark 2.4.0 a 2.4.3 y 2.2.0 a 2.2.11, el analizador IxVeriWave de archivos podría cerrarse inesperadamente. Esto se abordó en wiretap/vwr.c corrigiendo las comprobaciones de límites de marca de tiempo de firma. It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/f... • http://www.securityfocus.com/bid/102499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5335 – Debian Security Advisory 4101-1
https://notcve.org/view.php?id=CVE-2018-5335
11 Jan 2018 — In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. En Wireshark 2.4.0 a 2.4.3 y 2.2.0 a 2.2.11, el disector WCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-wcp.c validando la longitud del búfer disponible. It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON,... • http://www.securityfocus.com/bid/102500 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5336 – Debian Security Advisory 4101-1
https://notcve.org/view.php?id=CVE-2018-5336
11 Jan 2018 — In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. En Wireshark 2.4.0 a 2.4.3 y 2.2.0 a 2.2.11, los disectores JSON, XML, NTP, XMPP y GDB podrían cerrarse inesperadamente. Esto se trató en epan/tvbparse.c limitando la profundidad de la recursión. It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeri... • http://www.securityfocus.com/bid/102504 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17997
https://notcve.org/view.php?id=CVE-2017-17997
30 Dec 2017 — In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. En Wireshark, en versiones anteriores a la 2.2.12, el disector MRDISC emplea de forma incorrecta un puntero NULL y se cierra inesperadamente. Esto se trató en epan/dissectors/packet-mrdisc.c validando la longitud de una dirección IPv4. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17935
https://notcve.org/view.php?id=CVE-2017-17935
27 Dec 2017 — The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. La función File_read_line en epan/wslua/wslua_file.c en Wireshark hasta la versión 2.2.11 no elimina correctamente caracteres "\n", lo que permite que atacantes remotos provoquen una denegación de servicio (sub... • http://www.securityfocus.com/bid/102311 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2017-17084 – Debian Security Advisory 4060-1
https://notcve.org/view.php?id=CVE-2017-17084
01 Dec 2017 — In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. En Wireshark 2.4.0 a 2.4.2 y 2.2.0 a 2.2.10, el disector IWARP_MPA podía cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-iwarp-mpa.c validando la longitud de una ULPDU. It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, P... • http://www.securityfocus.com/bid/102030 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2017-17083 – Debian Security Advisory 4060-1
https://notcve.org/view.php?id=CVE-2017-17083
01 Dec 2017 — In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. En Wireshark 2.4.0 a 2.4.2 y 2.2.0 a 2.2.10, el disector NetBIOS podía cerrarse inesperadamente. Esto se solucionó en epan/dissectors/packet-netbios.c asegurando que las operaciones de escritura estaban limitadas al principio de un búfer. It was discovered that wireshark, a network protocol analy... • http://www.securityfocus.com/bid/102029 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 2CVE-2017-17085 – Wireshark 2.4.0 < 2.4.2 / 2.2.0 < 2.2.10 - CIP Safety Dissector Crash
https://notcve.org/view.php?id=CVE-2017-17085
01 Dec 2017 — In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. En Wireshark 2.4.0 a 2.4.2 y 2.2.0 a 2.2.10, el disector CIP Safety podía cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-cipsafety.c validando la longitud del paquete. It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIO... • https://packetstorm.news/files/id/145245 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-15192
https://notcve.org/view.php?id=CVE-2017-15192
10 Oct 2017 — In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. En Wireshark desde la versión 2.4.0 hasta la 2.4.1 y desde la 2.2.0 hasta la 2.2.9, el disector BT ATT podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-btatt.c considerando un caso en el que no todos los paquetes BTATT tienen el mismo nivel de encapsulación. • http://www.securityfocus.com/bid/101235 •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-15193
https://notcve.org/view.php?id=CVE-2017-15193
10 Oct 2017 — In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. En Wireshark desde la versión 2.4.0 hasta la 2.4.1 y desde la 2.2.0 hasta la 2.2.9, el disector MBIM podría cerrarse inesperadamente o agotar la memoria del sistema. Esto se abordó en epan/dissectors/packet-mbim.c cambiando el enfoque de asignación de memoria. • http://www.securityfocus.com/bid/101240 • CWE-400: Uncontrolled Resource Consumption •