VYPR

Wireshark

by Wireshark

CVEs (736)

  • CVE-2015-8731 | Med | Jan 4, 2016
    risk 0.39 | cvss 5.5 | epss 0.05

    The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application…

  • CVE-2015-8730 | Med | Jan 4, 2016
    risk 0.39 | cvss 5.5 | epss 0.05

    epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.

  • CVE-2015-8729 | Med | Jan 4, 2016
    risk 0.39 | cvss 5.5 | epss 0.04

    The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service…

  • CVE-2015-8728 | Med | Jan 4, 2016
    risk 0.39 | cvss 5.5 | epss 0.05

    The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function,…

  • CVE-2015-8727 | Med | Jan 4, 2016
    risk 0.39 | cvss 5.5 | epss 0.04

    The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and…

  • CVE-2015-8726 | Med | Jan 4, 2016
    risk 0.39 | cvss 5.5 | epss 0.05

    wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application…

  • CVE-2015-8725 | Med | Jan 4, 2016
    risk 0.39 | cvss 5.5 | epss 0.05

    The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service…

  • CVE-2015-8724 | Med | Jan 4, 2016
    risk 0.39 | cvss 5.5 | epss 0.05

    The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and…

  • CVE-2015-8723 | Med | Jan 4, 2016
    risk 0.39 | cvss 5.5 | epss 0.05

    The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of…

  • CVE-2016-9376 | Med | Nov 17, 2016
    risk 0.38 | cvss 5.9 | epss 0.02

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.

  • CVE-2016-9375 | Med | Nov 17, 2016
    risk 0.38 | cvss 5.9 | epss 0.02

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.

  • CVE-2016-9374 | Med | Nov 17, 2016
    risk 0.38 | cvss 5.9 | epss 0.02

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a…

  • CVE-2016-9373 | Med | Nov 17, 2016
    risk 0.38 | cvss 5.9 | epss 0.02

    In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file…

  • CVE-2016-7175 | Med | Sep 9, 2016
    risk 0.38 | cvss 5.9 | epss 0.01

    epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

  • CVE-2016-4421 | Med | May 1, 2016
    risk 0.38 | cvss 5.9 | epss 0.01

    epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.

  • CVE-2016-4420 | Med | May 1, 2016
    risk 0.38 | cvss 5.9 | epss 0.01

    The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2016-4419 | Med | May 1, 2016
    risk 0.38 | cvss 5.9 | epss 0.01

    epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.

  • CVE-2016-4418 | Med | May 1, 2016
    risk 0.38 | cvss 5.9 | epss 0.01

    epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.

  • CVE-2016-4417 | Med | May 1, 2016
    risk 0.38 | cvss 5.9 | epss 0.01

    Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a…

  • CVE-2016-4416 | Med | May 1, 2016
    risk 0.38 | cvss 5.9 | epss 0.01

    epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Page 10 of 37