rpm package
opensuse/wireshark&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/wireshark&distro=openSUSE%20Tumbleweed
Vulnerabilities (540)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-3810 | — | < 2.2.2-1.1 | 2.2.2-1.1 | May 26, 2015 | epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. | ||
| CVE-2015-3809 | — | < 2.2.2-1.1 | 2.2.2-1.1 | May 26, 2015 | The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | ||
| CVE-2015-3808 | — | < 2.2.2-1.1 | 2.2.2-1.1 | May 26, 2015 | The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | ||
| CVE-2015-2192 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 8, 2015 | Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. | ||
| CVE-2015-2191 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 8, 2015 | Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. | ||
| CVE-2015-2190 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 8, 2015 | epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP | ||
| CVE-2015-2189 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 8, 2015 | Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statisti | ||
| CVE-2015-2188 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 8, 2015 | epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet | ||
| CVE-2015-2187 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 8, 2015 | The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corru | ||
| CVE-2015-0564 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jan 10, 2015 | Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during de | ||
| CVE-2015-0563 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jan 10, 2015 | epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet | ||
| CVE-2015-0562 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jan 10, 2015 | Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, relate | ||
| CVE-2015-0561 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jan 10, 2015 | asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. | ||
| CVE-2015-0560 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jan 10, 2015 | The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application | ||
| CVE-2015-0559 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jan 10, 2015 | Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-sc | ||
| CVE-2014-8714 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Nov 23, 2014 | The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | ||
| CVE-2014-8713 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Nov 23, 2014 | Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||
| CVE-2014-8712 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Nov 23, 2014 | The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via | ||
| CVE-2014-8711 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Nov 23, 2014 | Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. | ||
| CVE-2014-8710 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Nov 23, 2014 | The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. |
- CVE-2015-3810May 26, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.
- CVE-2015-3809May 26, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
- CVE-2015-3808May 26, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
- CVE-2015-2192Mar 8, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
- CVE-2015-2191Mar 8, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
- CVE-2015-2190Mar 8, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP
- CVE-2015-2189Mar 8, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statisti
- CVE-2015-2188Mar 8, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet
- CVE-2015-2187Mar 8, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corru
- CVE-2015-0564Jan 10, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during de
- CVE-2015-0563Jan 10, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet
- CVE-2015-0562Jan 10, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, relate
- CVE-2015-0561Jan 10, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
- CVE-2015-0560Jan 10, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application
- CVE-2015-0559Jan 10, 2015affected < 2.2.2-1.1fixed 2.2.2-1.1
Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-sc
- CVE-2014-8714Nov 23, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
- CVE-2014-8713Nov 23, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
- CVE-2014-8712Nov 23, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via
- CVE-2014-8711Nov 23, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.
- CVE-2014-8710Nov 23, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
Page 19 of 27