rpm package
suse/wireshark&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
pkg:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
Vulnerabilities (175)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-11355 | High | 7.5 | | < 2.2.16-40.28.1 | 2.2.16-40.28.1 | May 22, 2018 | In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. |
| CVE-2018-11354 | High | 7.5 | | < 2.2.16-40.28.1 | 2.2.16-40.28.1 | May 22, 2018 | In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. |
| CVE-2018-9274 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. |
| CVE-2018-9273 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. |
| CVE-2018-9272 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. |
| CVE-2018-9271 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. |
| CVE-2018-9270 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. |
| CVE-2018-9269 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. |
| CVE-2018-9268 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. |
| CVE-2018-9267 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. |
| CVE-2018-9266 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. |
| CVE-2018-9265 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. |
| CVE-2018-9264 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. |
| CVE-2018-9263 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. |
| CVE-2018-9262 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. |
| CVE-2018-9261 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. |
| CVE-2018-9260 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. |
| CVE-2018-9259 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. |
| CVE-2018-9256 | High | 7.5 | | < 2.2.14-40.25.1 | 2.2.14-40.25.1 | Apr 4, 2018 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. |
| CVE-2018-7421 | High | 7.5 | | < 2.2.13-40.22.1 | 2.2.13-40.22.1 | Feb 23, 2018 | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. |