rpm package
suse/wireshark&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
pkg:rpm/suse/wireshark&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
Vulnerabilities (104)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-11407 | Hig | 7.5 | < 2.2.8-48.6.1 | 2.2.8-48.6.1 | Jul 18, 2017 | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | |
| CVE-2017-11406 | Hig | 7.5 | < 2.2.8-48.6.1 | 2.2.8-48.6.1 | Jul 18, 2017 | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. | |
| CVE-2017-9766 | Hig | 7.5 | < 2.2.9-48.9.2 | 2.2.9-48.9.2 | Jun 21, 2017 | In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. | |
| CVE-2017-9617 | Med | 5.5 | < 2.2.9-48.9.2 | 2.2.9-48.9.2 | Jun 14, 2017 | In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. |
- affected < 2.2.8-48.6.1fixed 2.2.8-48.6.1
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
- affected < 2.2.8-48.6.1fixed 2.2.8-48.6.1
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
- affected < 2.2.9-48.9.2fixed 2.2.9-48.9.2
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
- affected < 2.2.9-48.9.2fixed 2.2.9-48.9.2
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
Page 6 of 6