CVE-2015-8735 – Wireshark - memcpy 'get_value / dissect_btatt' SIGSEGV
https://notcve.org/view.php?id=CVE-2015-8735
The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.
• https://www.exploit-db.com/exploits/38998
• http://www.securityfocus.com/bid/79382
• http://www.securitytracker.com/id/1034551
• http://www.wireshark.org/security/wnpa-sec-2015-53.html
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11817
• https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=83bad0215dae54e77d34f8b187900125f672366e
• https://security.gentoo.org/glsa/201604-05
• CWE-20: Improper Input Validation
CVE-2015-8715
https://notcve.org/view.php?id=CVE-2015-8715
epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
• http://www.debian.org/security/2016/dsa-3505
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/79816
• http://www.securitytracker.com/id/1034551
• http://www.wireshark.org/security/wnpa-sec-2015-34.html
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11607
• https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=40caff2d1fb08262c84aaaa8ac584baa8866dd7c
• https://security.gentoo.org/glsa/201604-05
• CWE-20: Improper Input Validation
CVE-2015-8733 – Wireshark - 'infer_pkt_encap' Heap Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2015-8733
The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
• https://www.exploit-db.com/exploits/39076
• http://www.debian.org/security/2016/dsa-3505
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/79814
• http://www.securitytracker.com/id/1034551
• http://www.wireshark.org/security/wnpa-sec-2015-51.html
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
• https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=53a3e53fce30523d11ab3df319fba7b75d63076f
• https://security.gentoo.o
• CWE-20: Improper Input Validation
CVE-2015-3182 – wireshark: crash on sample file genbroad.snoop
https://notcve.org/view.php?id=CVE-2015-3182
epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.securityfocus.com/bid/74586
• http://www.securitytracker.com/id/1032279
• https://bugzilla.redhat.com/show_bug.cgi?id=1219409
• https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05
• https://security.gentoo.org/glsa/201510-03
• https://access.redhat.com/security/cve/CVE-2015-3182
• CWE-20: Improper Input Validation
• CWE-704: Incorrect Type Conversion or Cast
CVE-2015-7830 – Wireshark PCAPNG if_filter Arbitrary Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7830
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PCAPNG files. The issue lies in the handling of the if_filter section within next-generation PCAP files.
• http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html
• http://www.debian.org/security/2016/dsa-3505
• http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
• http://www.securityfocus.com/bid/77101
• http://www.securityfocus.com/bid/78723
• http://www.securitytracker.com/id/1033953
• http://www.wireshark.org/security/wnpa-sec-2015-30.html
• http://www.zerodayinitiative.com/advisories/ZDI-15-624
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11455
• https:
• CWE-20: Improper Input Validation