rpm package
suse/wireshark&distro=SUSE Linux Enterprise High Performance Computing 15-ESPOS
pkg:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS
Vulnerabilities (80)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9209 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Feb 28, 2019 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. | ||
| CVE-2019-9208 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Feb 28, 2019 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. | ||
| CVE-2019-5721 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Jan 8, 2019 | In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. | ||
| CVE-2019-5719 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Jan 8, 2019 | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. | ||
| CVE-2019-5718 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Jan 8, 2019 | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. | ||
| CVE-2019-5717 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Jan 8, 2019 | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. | ||
| CVE-2019-5716 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Jan 8, 2019 | In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | ||
| CVE-2018-19628 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. | ||
| CVE-2018-19627 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. | ||
| CVE-2018-19626 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. | ||
| CVE-2018-19625 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. | ||
| CVE-2018-19624 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. | ||
| CVE-2018-19623 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negat | ||
| CVE-2018-19622 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Nov 29, 2018 | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. | ||
| CVE-2018-18227 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Oct 12, 2018 | In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. | ||
| CVE-2018-18226 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Oct 12, 2018 | In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. | ||
| CVE-2018-18225 | — | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Oct 12, 2018 | In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. | ||
| CVE-2018-12086 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Sep 14, 2018 | Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | |
| CVE-2018-16058 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Aug 30, 2018 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. | |
| CVE-2018-16057 | Hig | 7.5 | < 3.2.2-3.35.2 | 3.2.2-3.35.2 | Aug 30, 2018 | In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. |
- CVE-2019-9209Feb 28, 2019affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
- CVE-2019-9208Feb 28, 2019affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.
- CVE-2019-5721Jan 8, 2019affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
- CVE-2019-5719Jan 8, 2019affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.
- CVE-2019-5718Jan 8, 2019affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
- CVE-2019-5717Jan 8, 2019affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
- CVE-2019-5716Jan 8, 2019affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.
- CVE-2018-19628Nov 29, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
- CVE-2018-19627Nov 29, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
- CVE-2018-19626Nov 29, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.
- CVE-2018-19625Nov 29, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
- CVE-2018-19624Nov 29, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
- CVE-2018-19623Nov 29, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negat
- CVE-2018-19622Nov 29, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
- CVE-2018-18227Oct 12, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
- CVE-2018-18226Oct 12, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.
- CVE-2018-18225Oct 12, 2018affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
- affected < 3.2.2-3.35.2fixed 3.2.2-3.35.2
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
Page 3 of 4