rpm package
opensuse/wireshark&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/wireshark&distro=openSUSE%20Tumbleweed
Vulnerabilities (540)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-2698 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Aug 23, 2011 | Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. | ||
| CVE-2011-2597 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jul 7, 2011 | The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. | ||
| CVE-2011-2175 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jun 6, 2011 | Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. | ||
| CVE-2011-2174 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jun 6, 2011 | Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. | ||
| CVE-2011-1959 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jun 6, 2011 | The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that | ||
| CVE-2011-1958 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jun 6, 2011 | Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. | ||
| CVE-2011-1957 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jun 6, 2011 | The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. | ||
| CVE-2011-1592 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Apr 29, 2011 | The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. | ||
| CVE-2011-1591 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Apr 29, 2011 | Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. | ||
| CVE-2011-1590 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Apr 29, 2011 | The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. | ||
| CVE-2011-0024 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 28, 2011 | Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file. | ||
| CVE-2011-1143 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 3, 2011 | epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. | ||
| CVE-2011-1140 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 3, 2011 | Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or | ||
| CVE-2011-1139 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 3, 2011 | wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field. | ||
| CVE-2011-1138 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 3, 2011 | Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. | ||
| CVE-2011-0713 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Mar 3, 2011 | Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. | ||
| CVE-2011-0538 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Feb 8, 2011 | Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a ma | ||
| CVE-2010-4538 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Jan 7, 2011 | Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) comp | ||
| CVE-2010-4301 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Nov 26, 2010 | epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. | ||
| CVE-2010-4300 | — | < 2.2.2-1.1 | 2.2.2-1.1 | Nov 26, 2010 | Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an |
- CVE-2011-2698Aug 23, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.
- CVE-2011-2597Jul 7, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.
- CVE-2011-2175Jun 6, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read.
- CVE-2011-2174Jun 6, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression.
- CVE-2011-1959Jun 6, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that
- CVE-2011-1958Jun 6, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file.
- CVE-2011-1957Jun 6, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length.
- CVE-2011-1592Apr 29, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
- CVE-2011-1591Apr 29, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
- CVE-2011-1590Apr 29, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
- CVE-2011-0024Mar 28, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.
- CVE-2011-1143Mar 3, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
- CVE-2011-1140Mar 3, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or
- CVE-2011-1139Mar 3, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field.
- CVE-2011-1138Mar 3, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet.
- CVE-2011-0713Mar 3, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.
- CVE-2011-0538Feb 8, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a ma
- CVE-2010-4538Jan 7, 2011affected < 2.2.2-1.1fixed 2.2.2-1.1
Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) comp
- CVE-2010-4301Nov 26, 2010affected < 2.2.2-1.1fixed 2.2.2-1.1
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.
- CVE-2010-4300Nov 26, 2010affected < 2.2.2-1.1fixed 2.2.2-1.1
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an
Page 26 of 27