CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-2906 – Wireshark CP2179 divide by zero
https://notcve.org/view.php?id=CVE-2023-2906
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. Debido a un error al validar la longitud proporcionada por un paquete CP2179 creado por un atacante, las versiones de Wireshark 2.0.0 a 4.0.7 son susceptibles a una división por cero, lo que permite un ataque de denegación de servicio. • https://gitlab.com/wireshark/wireshark/-/issues/19229 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ https://takeonme.org/cves/CVE-2023-2906.html • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-26575
https://notcve.org/view.php?id=CVE-2020-26575
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. En Wireshark versiones hasta 3.2.7, el Facebook Zero Protocol (también se conoce como FBZERO), podría entrar en un bucle infinito. Esto fue abordado en el archivo epan/dissectors/packet-fbzero.c corrigiendo la implementación del avance de compensación • https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab https://gitlab.com/wireshark/wireshark/-/issues/16887 https://gitlab.com/wireshark/wireshark/-/merge_requests/467 https://gitlab.com/wireshark/wireshark/-/merge_requests/471 https://gitlab.com/wireshark/wireshark/-/merge_requests/472 https://gitlab.com/wireshark/wireshark/-/merge_requests/473 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16056
https://notcve.org/view.php?id=CVE-2018-16056
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. En Wireshark, de la versión 2.6.0 a la 2.6.2, de la versión 2.4.0 a la 2.4.8 y de la versión 2.2.0 a la 2.2.16, el disector Bluetooth Attribute Protocol podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-btatt.c verificando que existe un disector para un UUID concreto. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/105174 http://www.securitytracker.com/id/1041609 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f98fbce64cb230e94a2cafc410a3cedad657b485 https://www.debian.org/security/2018/dsa-4315 https://www.wireshark.org/security/wnpa-sec-2018-45.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-16058
https://notcve.org/view.php?id=CVE-2018-16058
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. En Wireshark, de la versión 2.6.0 a la 2.6.2, de la versión 2.4.0 a la 2.4.8 y de la versión 2.2.0 a la 2.2.16, el disector Bluetooth AVDTP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-btavdtp.c inicializando correctamente una estructura de datos. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/105174 http://www.securitytracker.com/id/1041609 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=c48d6a6d60c5c9111838a945966b6cb8750777be https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.debian.org/security/2018/dsa-4315 https://www.wireshark.org/security/wnpa-sec-2018-44.html • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-16057 – wireshark: Radiotap dissector crash
https://notcve.org/view.php?id=CVE-2018-16057
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. En Wireshark, de la versión 2.6.0 a la 2.6.2, de la versión 2.4.0 a la 2.4.8 y de la versión 2.2.0 a la 2.2.16, el disector Radiotap podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-ieee80211-radiotap-iter.c validando las operaciones iterator. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/105174 http://www.securitytracker.com/id/1041609 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=bbf46eb46ae38392af8e6cd288795f0def50a621 https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.debian.org/security/2018/dsa-4315 https://www.wireshark.org/security/wnpa-sec-2018-46.html ht • CWE-20: Improper Input Validation •