
CVE-2020-26575 – Gentoo Linux Security Advisory 202011-08
https://notcve.org/view.php?id=CVE-2020-26575
06 Oct 2020 — In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. Multiple vulnerabilities have been fo... • https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2018-14438
https://notcve.org/view.php?id=CVE-2018-14438
20 Jul 2018 — In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. • http://www.securityfocus.com/bid/104876 • CWE-20: Improper Input Validation

CVE-2018-6836
https://notcve.org/view.php?id=CVE-2018-6836
08 Feb 2018 — The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397 • CWE-763: Release of Invalid Pointer or Reference

CVE-2017-17997
https://notcve.org/view.php?id=CVE-2017-17997
30 Dec 2017 — In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. • https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299 • CWE-476: NULL Pointer Dereference

CVE-2017-17935
https://notcve.org/view.php?id=CVE-2017-17935
27 Dec 2017 — The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. • http://www.securityfocus.com/bid/102311 • CWE-125: Out-of-bounds Read

CVE-2017-6014 – Debian Security Advisory 3811-1
https://notcve.org/view.php?id=CVE-2017-6014
17 Feb 2017 — In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. • http://www.debian.org/security/2017/dsa-3811 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2013-4074 – Wireshark CAPWAP Dissector - Denial of Service
https://notcve.org/view.php?id=CVE-2013-4074
09 Jun 2013 — The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. • https://packetstorm.news/files/id/180491 • CWE-189: Numeric Errors

CVE-2013-4081 – wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39)
https://notcve.org/view.php?id=CVE-2013-4081
09 Jun 2013 — The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-http.c?r1=49623&r2=49622&pathrev=49623 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2013-4083 – wireshark: Invalid free in the DCP ETSI dissector (wnpa-sec-2013-41)
https://notcve.org/view.php?id=CVE-2013-4083
09 Jun 2013 — The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=49802&r2=49801&pathrev=49802 • CWE-20: Improper Input Validation

CVE-2013-3556 – Gentoo Linux Security Advisory 201308-05
https://notcve.org/view.php?id=CVE-2013-3556
25 May 2013 — The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. • http://anonsvn.wireshark.org/viewvc/trunk/epan/reassemble.c?r1=48943&r2=48942&pathrev=48943 • CWE-20: Improper Input Validation