rpm package
suse/portaudio&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/portaudio&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-17085 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Dec 1, 2017 | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. | |
| CVE-2017-17084 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Dec 1, 2017 | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. | |
| CVE-2017-17083 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Dec 1, 2017 | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. | |
| CVE-2017-15193 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Oct 10, 2017 | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. | |
| CVE-2017-15192 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Oct 10, 2017 | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. | |
| CVE-2017-15191 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Oct 10, 2017 | In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. | |
| CVE-2017-13767 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Aug 30, 2017 | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | |
| CVE-2017-13766 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Aug 30, 2017 | In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. | |
| CVE-2017-13765 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Aug 30, 2017 | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. | |
| CVE-2017-9766 | Hig | 7.5 | < 19-234.18.1 | 19-234.18.1 | Jun 21, 2017 | In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. | |
| CVE-2017-9617 | Med | 5.5 | < 19-234.18.1 | 19-234.18.1 | Jun 14, 2017 | In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. |
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
- affected < 19-234.18.1fixed 19-234.18.1
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.