VYPR

rpm package

opensuse/wireshark&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/wireshark&distro=openSUSE%20Tumbleweed

Vulnerabilities (540)

  • CVE-2018-7337HigFeb 23, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.

  • CVE-2018-7336HigFeb 23, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.

  • CVE-2018-7335HigFeb 23, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.

  • CVE-2018-7334HigFeb 23, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.

  • CVE-2018-7333HigFeb 23, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.

  • CVE-2018-7329HigFeb 23, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.

  • CVE-2018-7325HigFeb 23, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.

  • CVE-2018-7321HigFeb 23, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.

  • CVE-2018-7320HigFeb 23, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.

  • CVE-2018-5336HigJan 11, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.

  • CVE-2018-5335MedJan 11, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.

  • CVE-2018-5334MedJan 11, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.

  • CVE-2017-5753MedJan 4, 2018
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

  • CVE-2017-17085HigDec 1, 2017
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.

  • CVE-2017-17084HigDec 1, 2017
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.

  • CVE-2017-17083HigDec 1, 2017
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.

  • CVE-2017-15193HigOct 10, 2017
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.

  • CVE-2017-15192HigOct 10, 2017
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.

  • CVE-2017-15191HigOct 10, 2017
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.

  • CVE-2017-15190HigOct 10, 2017
    affected < 3.4.8-1.2fixed 3.4.8-1.2

    In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.

Page 12 of 27