rpm package
opensuse/wireshark&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/wireshark&distro=openSUSE%20Tumbleweed
Vulnerabilities (540)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-4296 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. | ||
| CVE-2012-4295 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. | ||
| CVE-2012-4294 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. | ||
| CVE-2012-4293 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a ma | ||
| CVE-2012-4292 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers | ||
| CVE-2012-4291 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. | ||
| CVE-2012-4290 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. | ||
| CVE-2012-4289 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. | ||
| CVE-2012-4288 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value | ||
| CVE-2012-4287 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. | ||
| CVE-2012-4286 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. | ||
| CVE-2012-4285 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 16, 2012 | The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-lengt | ||
| CVE-2012-4049 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jul 24, 2012 | epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. | ||
| CVE-2012-4048 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jul 24, 2012 | The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. | ||
| CVE-2012-2394 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jun 30, 2012 | Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Reques | ||
| CVE-2012-2393 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jun 30, 2012 | epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that | ||
| CVE-2012-2392 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jun 30, 2012 | Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. | ||
| CVE-2011-3483 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2011 | Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." | ||
| CVE-2011-3360 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Sep 20, 2011 | Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. | ||
| CVE-2011-3266 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 24, 2011 | The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in |
- CVE-2012-4296Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.
- CVE-2012-4295Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.
- CVE-2012-4294Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.
- CVE-2012-4293Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a ma
- CVE-2012-4292Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers
- CVE-2012-4291Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
- CVE-2012-4290Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
- CVE-2012-4289Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.
- CVE-2012-4288Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value
- CVE-2012-4287Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.
- CVE-2012-4286Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file.
- CVE-2012-4285Aug 16, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-lengt
- CVE-2012-4049Jul 24, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
- CVE-2012-4048Jul 24, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.
- CVE-2012-2394Jun 30, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Reques
- CVE-2012-2393Jun 30, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that
- CVE-2012-2392Jun 30, 2012affected < 2.2.2-1.1fixed 2.2.2-1.1
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.
- CVE-2011-3483Sep 20, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."
- CVE-2011-3360Sep 20, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
- CVE-2011-3266Aug 24, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in
Page 25 of 27