VYPR

Wireshark

by Wireshark

CVEs (736)

  • CVE-2016-4082 · Med · Apr 25, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted…

  • CVE-2016-4081 · Med · Apr 25, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

  • CVE-2016-4080 · Med · Apr 25, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

  • CVE-2016-4079 · Med · Apr 25, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

  • CVE-2016-4078 · Med · Apr 25, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to…

  • CVE-2016-4077 · Med · Apr 25, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

  • CVE-2016-4006 · Med · Apr 25, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.

  • CVE-2016-2532 · Med · Feb 28, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application…

  • CVE-2016-2531 · Med · Feb 28, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a…

  • CVE-2016-2530 · Med · Feb 28, 2016
    risk 0.39 · cvss 5.9 · epss 0.03

    The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and…

  • CVE-2016-2528 · Med · Feb 28, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted…

  • CVE-2016-2526 · Med · Feb 28, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

  • CVE-2016-2525 · Med · Feb 28, 2016
    risk 0.39 · cvss 5.9 · epss 0.03

    epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.

  • CVE-2016-2523 · Med · Feb 28, 2016
    risk 0.39 · cvss 5.9 · epss 0.03

    The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

  • CVE-2016-2522 · Med · Feb 28, 2016
    risk 0.39 · cvss 5.9 · epss 0.02

    The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and…

  • CVE-2015-8739 · Med · Jan 4, 2016
    risk 0.39 · cvss 5.5 · epss 0.04

    The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted…

  • CVE-2015-8736 · Med · Jan 4, 2016
    risk 0.39 · cvss 5.5 · epss 0.05

    The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.

  • CVE-2015-8735 · Med · Jan 4, 2016
    risk 0.39 · cvss 5.5 · epss 0.04

    The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application…

  • CVE-2015-8733 · Med · Jan 4, 2016
    risk 0.39 · cvss 5.5 · epss 0.04

    The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial…

  • CVE-2015-8732 · Med · Jan 4, 2016
    risk 0.39 · cvss 5.5 · epss 0.05

    The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial…
