CVE-2008-4684 – wireshark: DoS (app crash) via certain series of packets by enabling the (1) PRP or (2) MATE post dissector
https://notcve.org/view.php?id=CVE-2008-4684
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. packet-frame en Wireshark v0.99.2 a la v1.0.3 no maneja adecuadamente las excepciones a lanzadas por los analizadores "post", lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de determinadas series de paquetes como se ha demostrado activando los analizadores "post" (1) PRP o (2) MATE. • http://secunia.com/advisories/32355 http://secunia.com/advisories/32944 http://secunia.com/advisories/34144 http://securitytracker.com/id?1021069 http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm http://wiki.rpath.com/Advisories:rPSA-2008-0336 http://www.debian.org/security/2008/dsa-1673 http://www.mandriva.com/security/advisories?name=MDVSA-2008:215 http://www.redhat.com/support/errata/RHSA-2009-0313.html http://www.securityfocus.com/archive/1/499154/100/0/th • CWE-399: Resource Management Errors •
CVE-2008-4685 – wireshark: DoS (app crash or abort) in Q.931 dissector via certain packets
https://notcve.org/view.php?id=CVE-2008-4685
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. Vulnerabilidad de uso después de la liberación en la función dissect_q931_cause_ie en packet-q931.c en el analizador Q.931 de Wireshark v0.10.3 a la v1.0.3, permite a atacantes remotos provocar una denegación de servicio (aborto o caída de aplicación) a través de determinados paquetes que lanzan una excepción. • http://secunia.com/advisories/32355 http://secunia.com/advisories/32944 http://secunia.com/advisories/34144 http://securitytracker.com/id?1021069 http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm http://wiki.rpath.com/Advisories:rPSA-2008-0336 http://www.debian.org/security/2008/dsa-1673 http://www.mandriva.com/security/advisories?name=MDVSA-2008:215 http://www.redhat.com/support/errata/RHSA-2009-0313.html http://www.securityfocus.com/archive/1/499154/100/0/th • CWE-399: Resource Management Errors •
CVE-2008-3932 – wireshark: infinite loop in the NCP dissector
https://notcve.org/view.php?id=CVE-2008-3932
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. Wireshark (anteriormente Ethereal) 0.9.7 hasta 1.0.2, permite a los atacantes causar una denegación de servicio (cuelgue), a través de un paquete NCP manipulado que provoca un bucle infinito. • http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675 http://secunia.com/advisories/31864 http://secunia.com/advisories/31886 http://secunia.com/advisories/32028 http://secunia.com/advisories/32091 http://security.gentoo.org/glsa/glsa-200809-17.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278 http://www.mandriva.com/security/advisories?name=MDVSA-2008:199 http://www.redhat.com/support/errata/RHSA-2008 • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2008-3933 – wireshark: crash triggered by zlib-compressed packet data
https://notcve.org/view.php?id=CVE-2008-3933
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. Aplicación Wireshark (conocida como Ehtereal) 0.10.14 a la v 1.0.2, permite a atacantes provocar una denegación de servicio (caída) a través de un paquete con datos zlib-compressed manipulados que lanzan una lectura errónea en la función tvb_uncompress. • http://secunia.com/advisories/31864 http://secunia.com/advisories/31886 http://secunia.com/advisories/32028 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200809-17.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278 http://www.debian.org/security/2008/dsa-1673 http://www.mandriva.com/security/advisories?name=MDVSA-2008:199 http://www.redhat. • CWE-20: Improper Input Validation •
CVE-2008-3146 – wireshark: multiple buffer overflows in NCP dissector
https://notcve.org/view.php?id=CVE-2008-3146
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. Múltiples desbordamientos de búfer en el archivo packet_ncp2222.inc en Wireshark (anteriormente Ethereal) versiones 0.9.7 hasta 1.0.2, permite a atacantes causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de un paquete NCP diseñado que causa que sea usado un puntero no válido. • http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31687 http://secunia.com/advisories/31864 http://secunia.com/advisories/31886 http://secunia.com/advisories/32028 http://secunia.com/advisories/32091 http://security.gentoo.org/glsa/glsa-200809-17.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •