CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5238
https://notcve.org/view.php?id=CVE-2012-5238
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. epan/dissectors/packet-ppp.c en el «dissector» PPP en Wireshark v1.8.x anteriores a v1.8.3, usa de forma incorrecta las estructuras de datos OUI, durante el decodificado de datos (1) PPP y (2) LCP, lo que permite a atacantes remotos provocar una denegación de servicio (fallo en la inserción y salida de la aplicación) a través de un paquete mal formado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688 http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989 http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688 http://osvdb.org/85883 http://www.securityfocus.com/bid/55754 http://www.securitytracker.com/id? •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 1CVE-2012-3548
https://notcve.org/view.php?id=CVE-2012-3548
The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. La función dissect_drda en epan/dissectors/packet-drda.c en Wireshark v1.6.x hasta v1.6.10 y v1.8.x hasta v1.8.2 permite a atacantes remotos causar una denegación de servicio (ciclo infinito y consumo de memoria) a través de un valor pequeño para una cierta longitud de campo en un fichero de captura. • http://openwall.com/lists/oss-security/2012/08/29/4 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securitytracker.com/id?1027464 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666 https://bugzilla.redhat.com/show_bug.cgi?id=849926 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2012-4291 – wireshark: DoS via excessive system resource consumption in CIP dissector (wnpa-sec-2012-20)
https://notcve.org/view.php?id=CVE-2012-4291
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. El disector CIP en Wireshark v1.4.x antes de v1.4.15, v1.6.x antes de v1.6.10 y v1.8.x antes de v1.8.2 permite a atacantes remotos causar una denegación de servicio (por excesivo consumo de memoria) a través de un paquete con formato erróneo. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html http://rhn.redhat.com/errata/RHSA-2013-0125.html http://secunia.com/advisories/50276 http://secunia.com/advisories/51363 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securityfocus.com/bid/55035 http://www.wireshark.org/security/wnpa-sec-2012-20.html https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3 https://bugs.wireshark.or • CWE-399: Resource Management Errors •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2012-4295
https://notcve.org/view.php?id=CVE-2012-4295
Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. Error de índice de array en la función channelised_fill_sdh_g707_format en epan/disectores/erf.c en el disector ERF en Wireshark v1.8.x antes de v1.8.2 podría permitir a atacantes remotos provocar una denegación de servicio (por caída de la aplicación) a través de un valor de velocidad (aka rate) modificado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419 http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419 http://secunia.com/advisories/50276 http://secunia.com/advisories/51363 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securityfocus.com/bid/55035 http://www.wireshark.org/security/wnpa-sec-2012-16.html https://blogs.oracle.com/sunsecurity/entry/multiple_vulner • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 8%CPEs: 3EXPL: 1CVE-2012-4294
https://notcve.org/view.php?id=CVE-2012-4294
Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. Un desbordamiento de búfer en la función channelised_fill_sdh_g707_format en epan/dissectors/packet-erf.c en el disector de ERF en Wireshark v1.8.x antes de v1.8.2 permite a atacantes remotos ejecutar código de su elección a través de un valor de velocidad (aka rate) demasiado grande. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377 http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377 http://secunia.com/advisories/50276 http://secunia.com/advisories/51363 http://secunia.com/advisories/54425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.securityfocus.com/bid/55035 http://www.wireshark.org/security/wnpa-sec-2012-16.html https://blogs.oracle.com/sunsecurity/entry/multiple_vulner • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •