CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-7326
https://notcve.org/view.php?id=CVE-2018-7326
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-lltd.c tenía un bucle infinito que se abordó empleando un tipo de datos de enteros correcto. • http://www.securityfocus.com/bid/103158 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7337
https://notcve.org/view.php?id=CVE-2018-7337
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. En Wireshark desde la versión 2.4.0 hasta la 2.4.4, el disector de protocolo DOCSIS podría cerrarse inesperadamente. Esto se trató en plugins/docsis/packet-docsis.c eliminando el algoritmo recursivo que se había estado empleando para los PDU concatenados. • http://www.securityfocus.com/bid/103164 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7329
https://notcve.org/view.php?id=CVE-2018-7329
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-s7comm.c tenía un bucle infinito que se abordó corrigiendo los errores por un paso. • http://www.securityfocus.com/bid/103158 • CWE-193: Off-by-one Error CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7332
https://notcve.org/view.php?id=CVE-2018-7332
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-reload.c tenía un bucle infinito que se abordó validando una longitud. • http://www.securityfocus.com/bid/103158 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7333
https://notcve.org/view.php?id=CVE-2018-7333
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-rpcrdma.c tenía un bucle infinito que se abordó validando un tamaño de fragmento. • http://www.securityfocus.com/bid/103158 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-7334 – Debian Security Advisory 4217-1
https://notcve.org/view.php?id=CVE-2018-7334
23 Feb 2018 — In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, el disector UMTS MAC podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-umts_mac.c rechazando cierto valor reservado. It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IE... • http://www.securityfocus.com/bid/103162 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6836
https://notcve.org/view.php?id=CVE-2018-6836
08 Feb 2018 — The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. La función netmonrec_comment_destroy en wiretap/netmon.c en Wireshark, hasta la versión 2.4.4, realiza una operación de liberación en una dirección de memoria no inicializada, lo que permite que atacantes remotos provoquen una denegación de s... • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5334 – Debian Security Advisory 4101-1
https://notcve.org/view.php?id=CVE-2018-5334
11 Jan 2018 — In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. En Wireshark 2.4.0 a 2.4.3 y 2.2.0 a 2.2.11, el analizador IxVeriWave de archivos podría cerrarse inesperadamente. Esto se abordó en wiretap/vwr.c corrigiendo las comprobaciones de límites de marca de tiempo de firma. It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/f... • http://www.securityfocus.com/bid/102499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-5335 – Debian Security Advisory 4101-1
https://notcve.org/view.php?id=CVE-2018-5335
11 Jan 2018 — In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. En Wireshark 2.4.0 a 2.4.3 y 2.2.0 a 2.2.11, el disector WCP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-wcp.c validando la longitud del búfer disponible. It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeriWave, WCP, JSON,... • http://www.securityfocus.com/bid/102500 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-5336 – Debian Security Advisory 4101-1
https://notcve.org/view.php?id=CVE-2018-5336
11 Jan 2018 — In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. En Wireshark 2.4.0 a 2.4.3 y 2.2.0 a 2.2.11, los disectores JSON, XML, NTP, XMPP y GDB podrían cerrarse inesperadamente. Esto se trató en epan/tvbparse.c limitando la profundidad de la recursión. It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors/file parsers for IxVeri... • http://www.securityfocus.com/bid/102504 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •