CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-7830 – Wireshark PCAPNG if_filter Arbitrary Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7830
20 Oct 2015 — The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. La función pcapng_read_if_descr_block en wiretap/pcapng.c en el analizador pcapng en Wireshark 1.12.x en versiones anteriores a 1.12.8 utiliza demasiados niveles de indirección de puntero, lo q... • http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-6241 – Debian Security Advisory 3367-1
https://notcve.org/view.php?id=CVE-2015-6241
24 Aug 2015 — The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función proto_tree_add_bytes_item en epan/proto.c en la implementación protocol-tree en Wireshark 1.12.x en versiones anteriores a 1.12.7, no finaliza adecuadamente una... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-6242 – Debian Security Advisory 3367-1
https://notcve.org/view.php?id=CVE-2015-6242
24 Aug 2015 — The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. Vulnerabilidad en la función wmem_block_split_free_chunk en epan/wmem/wmem_allocator_block.c en el... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6243 – wireshark: Dissector table crash (wnpa-sec-2015-23)
https://notcve.org/view.php?id=CVE-2015-6243
24 Aug 2015 — The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. Vulnerabilidad en la implementación dissector-table en epan/packet.c en Wireshark 1.12.x en versiones anteriores a 1.12.7, maneja incorrectamente las búsquedas de cadenas vacías ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6244 – wireshark: ZigBee dissector crash (wnpa-sec-2015-24)
https://notcve.org/view.php?id=CVE-2015-6244
24 Aug 2015 — The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_zbee_secure en epan/dissectors/packet-zbee-security.c en el disector ZigBee en Wireshark 1.12.x en versiones anteriores a 1.12.7, confía inadecuadamente en los campos de longitud c... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6245 – wireshark: GSM RLC/MAC dissector infinite loop (wnpa-sec-2015-25)
https://notcve.org/view.php?id=CVE-2015-6245
24 Aug 2015 — epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Vulnerabilidad en epan/dissectors/packet-gsm_rlcmac.c en el disector GSM RLC/MAC en Wireshark 1.12.x en versiones anteriores a 1.12.7, usa tipos de datos de enteros incorrectos, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un pa... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6246 – wireshark: WaveAgent dissector crash (wnpa-sec-2015-26)
https://notcve.org/view.php?id=CVE-2015-6246
24 Aug 2015 — The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_wa_payload en epan/dissectors/packet-waveagent.c en el disector WaveAgent en Wireshark 1.12.x en versiones anteriores a 1.12.7, no maneja adecuadamente los valores de etiqueta grandes, lo que permite a atacantes re... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-6247 – Debian Security Advisory 3367-1
https://notcve.org/view.php?id=CVE-2015-6247
24 Aug 2015 — The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Vulnerabilidad en la función dissect_openflow_tablemod_v5 en epan/dissectors/packet-openflow_v5.c en el disector OpenFlow en Wireshark 1.12.x en versiones anteriores a 1.12.7, no valida un cierto valor de desplazamiento, lo que per... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6248 – wireshark: Ptvcursor crash (wnpa-sec-2015-28)
https://notcve.org/view.php?id=CVE-2015-6248
24 Aug 2015 — The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función ptvcursor_add en la implementación ptvcursor en epan/proto.c en Wireshark 1.12.x en versiones anteriores a 1.12.7, no comprueba si la cantidad de datos esperada está disponible, lo que permite a atacantes rem... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-6249 – Debian Security Advisory 3367-1
https://notcve.org/view.php?id=CVE-2015-6249
24 Aug 2015 — The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_wccp2r1_address_table_info en epan/dissectors/packet-wccp.c en el disector WCCP en Wireshark 1.12.x en versiones anteriores a 1.12.7, no impide el uso conf... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •