VYPR

rpm package

suse/wireshark&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

pkg:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Vulnerabilities (104)

  • CVE-2017-13765HigAug 30, 2017
    affected < 2.2.9-48.9.2fixed 2.2.9-48.9.2

    In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.

  • CVE-2017-11411HigJul 18, 2017
    affected < 2.2.8-48.6.1fixed 2.2.8-48.6.1

    In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-935

  • CVE-2017-11410HigJul 18, 2017
    affected < 2.2.8-48.6.1fixed 2.2.8-48.6.1

    In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and l

  • CVE-2017-11408HigJul 18, 2017
    affected < 2.2.8-48.6.1fixed 2.2.8-48.6.1

    In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.

  • CVE-2017-11407HigJul 18, 2017
    affected < 2.2.8-48.6.1fixed 2.2.8-48.6.1

    In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.

  • CVE-2017-11406HigJul 18, 2017
    affected < 2.2.8-48.6.1fixed 2.2.8-48.6.1

    In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.

  • CVE-2017-9766HigJun 21, 2017
    affected < 2.2.9-48.9.2fixed 2.2.9-48.9.2

    In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.

  • CVE-2017-9617MedJun 14, 2017
    affected < 2.2.9-48.9.2fixed 2.2.9-48.9.2

    In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.

  • CVE-2017-9354HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.

  • CVE-2017-9353HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.

  • CVE-2017-9352HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.

  • CVE-2017-9351HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.

  • CVE-2017-9350HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.

  • CVE-2017-9349HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.

  • CVE-2017-9348HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.

  • CVE-2017-9347HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.

  • CVE-2017-9346HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.

  • CVE-2017-9345HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.

  • CVE-2017-9344HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.

  • CVE-2017-9343HigJun 2, 2017
    affected < 2.2.7-47.1fixed 2.2.7-47.1

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.

Page 4 of 6