VYPR

Wireshark

by Wireshark

Source repositories

CVEs (736)

  • CVE-2017-9344HigJun 2, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.

  • CVE-2017-9343HigJun 2, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.

  • CVE-2017-7748HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.

  • CVE-2017-7747HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.

  • CVE-2017-7746HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.

  • CVE-2017-7745HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.

  • CVE-2017-7705HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum…

  • CVE-2017-7704HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.

  • CVE-2017-7703HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.

  • CVE-2017-7702HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.

  • CVE-2017-7701HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.

  • CVE-2016-7958HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.

  • CVE-2016-7957HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.

  • CVE-2017-6474HigMar 4, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes.

  • CVE-2017-6473HigMar 4, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets.

  • CVE-2017-6472HigMar 4, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value.

  • CVE-2017-6471HigMar 4, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length.

  • CVE-2017-6470HigMar 4, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness.

  • CVE-2017-6469HigMar 4, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure.

  • CVE-2017-6468HigMar 4, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.

Page 6 of 37