VYPR

Wireshark

by Wireshark

Source repositories

CVEs (736)

  • CVE-2018-9263HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.

  • CVE-2018-9262HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.

  • CVE-2018-9261HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.

  • CVE-2018-9260HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.

  • CVE-2018-9259HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.

  • CVE-2018-9258HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.

  • CVE-2018-9257HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.

  • CVE-2018-9256HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.

  • CVE-2018-7421HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.

  • CVE-2018-7420HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.

  • CVE-2018-7419HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.

  • CVE-2018-7418HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.

  • CVE-2018-7417HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.

  • CVE-2018-7337HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.

  • CVE-2018-7336HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.

  • CVE-2018-7335HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.

  • CVE-2018-7334HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.

  • CVE-2018-7333HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.

  • CVE-2018-7332HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.

  • CVE-2018-7331HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.

Page 3 of 37