rpm package
opensuse/wireshark&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/wireshark&distro=openSUSE%20Tumbleweed
Vulnerabilities (540)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-6432 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) | ||
| CVE-2014-6431 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of | ||
| CVE-2014-6430 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | ||
| CVE-2014-6429 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted | ||
| CVE-2014-6428 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||
| CVE-2014-6427 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers | ||
| CVE-2014-6426 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | ||
| CVE-2014-6425 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a tra | ||
| CVE-2014-6424 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized | ||
| CVE-2014-6423 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2014 | The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. | ||
| CVE-2014-5165 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 1, 2014 | The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application cras | ||
| CVE-2014-5164 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 1, 2014 | The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted pa | ||
| CVE-2014-5163 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 1, 2014 | The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial o | ||
| CVE-2014-5162 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 1, 2014 | The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application c | ||
| CVE-2014-5161 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 1, 2014 | The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. | ||
| CVE-2014-4020 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jun 18, 2014 | The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial o | ||
| CVE-2014-2907 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Apr 24, 2014 | The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||
| CVE-2014-2299 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 11, 2014 | Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. | ||
| CVE-2014-2283 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 11, 2014 | epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Rad | ||
| CVE-2014-2282 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 11, 2014 | The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. |
- CVE-2014-6432Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash)
- CVE-2014-6431Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of
- CVE-2014-6430Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
- CVE-2014-6429Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted
- CVE-2014-6428Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
- CVE-2014-6427Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers
- CVE-2014-6426Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
- CVE-2014-6425Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a tra
- CVE-2014-6424Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized
- CVE-2014-6423Sep 20, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.
- CVE-2014-5165Aug 1, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application cras
- CVE-2014-5164Aug 1, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted pa
- CVE-2014-5163Aug 1, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial o
- CVE-2014-5162Aug 1, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application c
- CVE-2014-5161Aug 1, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
- CVE-2014-4020Jun 18, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial o
- CVE-2014-2907Apr 24, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
- CVE-2014-2299Mar 11, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
- CVE-2014-2283Mar 11, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Rad
- CVE-2014-2282Mar 11, 2014affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.
Page 20 of 27