The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
wireshark: free operation on an uninitialized memory address in wiretap/netmon.c (CVE-2018-6836)
The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. (CVE-2016-2523)
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. (CVE-2016-2530)
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. (CVE-2016-2531)
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
(CVE-2016-2532)
epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. (CVE-2016-4006)
epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2016-4076)
epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. (CVE-2016-4077)
The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. (CVE-2016-4078)
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of- bounds write and application crash) via a crafted packet. (CVE-2016-4079)
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of- bounds read and application crash) via a crafted packet. (CVE-2016-4080)
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. (CVE-2016-4081)
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. (CVE-2016-4082)
epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2016-4083)
Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. (CVE-2016-4084)
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. (CVE-2016-4085)
Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. (CVE-2016-4417)
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. (CVE-2016-4418)
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. (CVE-2016-4421)
epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. (CVE-2016-5350)
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2016-5351)
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2016-5352)
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2016-5353)
The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
(CVE-2016-5354)
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-5355)
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-5356)
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-5357)
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2016-5358)
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. (CVE-2016-5359)
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. (CVE-2016-6505)
epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. (CVE-2016-6506)
epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. (CVE-2016-6507)
epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. (CVE-2016-6508)
epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2016-6509)
Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. (CVE-2016-6510)
epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. (CVE-2016-6511)
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. (CVE-2016-6512)
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2016-6513)
epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. (CVE-2016-7175)
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. (CVE-2016-7176)
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. (CVE-2016-7177)
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. (CVE-2016-7178)
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2016-7179)
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. (CVE-2016-7180)
In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven- byte memcmp for potentially shorter strings. (CVE-2016-7957)
In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. (CVE-2016-7958)
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. (CVE-2016-9372)
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.
(CVE-2016-9373)
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. (CVE-2016-9374)
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. (CVE-2016-9375)
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. (CVE-2016-9376)
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
(CVE-2017-11406)
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
(CVE-2017-11407)
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. (CVE-2017-11408)
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. (CVE-2017-11409)
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet- wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. (CVE-2017-11410)
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. (CVE-2017-11411)
In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. (CVE-2017-13764)
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
(CVE-2017-13765)
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write.
This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. (CVE-2017-13766)
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. (CVE-2017-13767)
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. (CVE-2017-15189)
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet- rtsp.c by correcting the scope of a variable. (CVE-2017-15190)
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. (CVE-2017-15191)
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. (CVE-2017-15192)
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory.
This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
(CVE-2017-15193)
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (CVE-2017-17083)
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (CVE-2017-17084)
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (CVE-2017-17085)
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip ‘\n’ characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
(CVE-2017-17935)
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. (CVE-2017-17997)
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet- asterix.c by changing a data type to avoid an integer overflow. (CVE-2017-5596)
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. (CVE-2017-5597)
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. (CVE-2017-6014)
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. (CVE-2017-6467)
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. (CVE-2017-6468)
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. (CVE-2017-6469)
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. (CVE-2017-6470)
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. (CVE-2017-6471)
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. (CVE-2017-6472)
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. (CVE-2017-6473)
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes.
(CVE-2017-6474)
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. (CVE-2017-7700)
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet- bgp.c by using a different integer data type. (CVE-2017-7701)
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet- wbxml.c by adding length validation. (CVE-2017-7702)
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line’s end correctly. (CVE-2017-7703)
In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. (CVE-2017-7704)
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.
(CVE-2017-7705)
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet- sigcomp.c by correcting a memory-size check. (CVE-2017-7745)
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet- slsk.c by adding checks for the remaining length. (CVE-2017-7746)
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. (CVE-2017-7747)
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet- wsp.c by adding a length check. (CVE-2017-7748)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. (CVE-2017-9343)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. (CVE-2017-9344)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
(CVE-2017-9345)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop.
This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. (CVE-2017-9346)
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. (CVE-2017-9347)
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. (CVE-2017-9348)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. (CVE-2017-9349)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.
(CVE-2017-9350)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer.
This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. (CVE-2017-9351)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
(CVE-2017-9352)
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet- ipv6.c by validating an IPv6 address. (CVE-2017-9353)
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. (CVE-2017-9354)
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. (CVE-2017-9616)
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. (CVE-2017-9617)
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn- io.c. (CVE-2017-9766)
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. (CVE-2018-11358)
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. (CVE-2018-19625)
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. (CVE-2018-5334)
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. (CVE-2018-5335)
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash.
This was addressed in epan/tvbparse.c by limiting the recursion depth. (CVE-2018-5336)
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. (CVE-2019-9209)
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. (CVE-2020-26421)
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file (CVE-2021-22207)
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file (CVE-2023-0411)
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file (CVE-2023-0412)
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file (CVE-2023-0413)
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file (CVE-2023-0414)
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file (CVE-2023-0415)
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file (CVE-2023-0416)
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file (CVE-2023-0417)
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. (CVE-2023-0666)
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. (CVE-2023-0668)
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file (CVE-2023-1161)
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file (CVE-2023-1992)
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file (CVE-2023-1993)
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file (CVE-2023-1994)
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file (CVE-2023-2854, CVE-2023-2857)
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file (CVE-2023-2855)
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file (CVE-2023-2856)
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file (CVE-2023-2858)
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.
(CVE-2023-2906)
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file (CVE-2023-2952)
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file (CVE-2023-4511)
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file (CVE-2023-4512)
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file (CVE-2023-4513)
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file (CVE-2023-5371)
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file (CVE-2023-6174)
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file (CVE-2023-6175)
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file (CVE-2024-2955)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory wireshark. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(196709);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");
script_cve_id(
"CVE-2016-2523",
"CVE-2016-2530",
"CVE-2016-2531",
"CVE-2016-2532",
"CVE-2016-4006",
"CVE-2016-4076",
"CVE-2016-4077",
"CVE-2016-4078",
"CVE-2016-4079",
"CVE-2016-4080",
"CVE-2016-4081",
"CVE-2016-4082",
"CVE-2016-4083",
"CVE-2016-4084",
"CVE-2016-4085",
"CVE-2016-4417",
"CVE-2016-4418",
"CVE-2016-4421",
"CVE-2016-5350",
"CVE-2016-5351",
"CVE-2016-5352",
"CVE-2016-5353",
"CVE-2016-5354",
"CVE-2016-5355",
"CVE-2016-5356",
"CVE-2016-5357",
"CVE-2016-5358",
"CVE-2016-5359",
"CVE-2016-6505",
"CVE-2016-6506",
"CVE-2016-6507",
"CVE-2016-6508",
"CVE-2016-6509",
"CVE-2016-6510",
"CVE-2016-6511",
"CVE-2016-6512",
"CVE-2016-6513",
"CVE-2016-7175",
"CVE-2016-7176",
"CVE-2016-7177",
"CVE-2016-7178",
"CVE-2016-7179",
"CVE-2016-7180",
"CVE-2016-7957",
"CVE-2016-7958",
"CVE-2016-9372",
"CVE-2016-9373",
"CVE-2016-9374",
"CVE-2016-9375",
"CVE-2016-9376",
"CVE-2017-5596",
"CVE-2017-5597",
"CVE-2017-6014",
"CVE-2017-6467",
"CVE-2017-6468",
"CVE-2017-6469",
"CVE-2017-6470",
"CVE-2017-6471",
"CVE-2017-6472",
"CVE-2017-6473",
"CVE-2017-6474",
"CVE-2017-7700",
"CVE-2017-7701",
"CVE-2017-7702",
"CVE-2017-7703",
"CVE-2017-7704",
"CVE-2017-7705",
"CVE-2017-7745",
"CVE-2017-7746",
"CVE-2017-7747",
"CVE-2017-7748",
"CVE-2017-9343",
"CVE-2017-9344",
"CVE-2017-9345",
"CVE-2017-9346",
"CVE-2017-9347",
"CVE-2017-9348",
"CVE-2017-9349",
"CVE-2017-9350",
"CVE-2017-9351",
"CVE-2017-9352",
"CVE-2017-9353",
"CVE-2017-9354",
"CVE-2017-9616",
"CVE-2017-9617",
"CVE-2017-9766",
"CVE-2017-11406",
"CVE-2017-11407",
"CVE-2017-11408",
"CVE-2017-11409",
"CVE-2017-11410",
"CVE-2017-11411",
"CVE-2017-13764",
"CVE-2017-13765",
"CVE-2017-13766",
"CVE-2017-13767",
"CVE-2017-15189",
"CVE-2017-15190",
"CVE-2017-15191",
"CVE-2017-15192",
"CVE-2017-15193",
"CVE-2017-17083",
"CVE-2017-17084",
"CVE-2017-17085",
"CVE-2017-17935",
"CVE-2017-17997",
"CVE-2018-5334",
"CVE-2018-5335",
"CVE-2018-5336",
"CVE-2018-6836",
"CVE-2018-11358",
"CVE-2018-19625",
"CVE-2019-9209",
"CVE-2020-26421",
"CVE-2021-22207",
"CVE-2023-0411",
"CVE-2023-0412",
"CVE-2023-0413",
"CVE-2023-0414",
"CVE-2023-0415",
"CVE-2023-0416",
"CVE-2023-0417",
"CVE-2023-0666",
"CVE-2023-0668",
"CVE-2023-1161",
"CVE-2023-1992",
"CVE-2023-1993",
"CVE-2023-1994",
"CVE-2023-2854",
"CVE-2023-2855",
"CVE-2023-2856",
"CVE-2023-2857",
"CVE-2023-2858",
"CVE-2023-2906",
"CVE-2023-2952",
"CVE-2023-4511",
"CVE-2023-4512",
"CVE-2023-4513",
"CVE-2023-5371",
"CVE-2023-6174",
"CVE-2023-6175",
"CVE-2024-2955"
);
script_name(english:"RHEL 7 : wireshark (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- wireshark: free operation on an uninitialized memory address in wiretap/netmon.c (CVE-2018-6836)
- The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark
1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service
(infinite loop) via a crafted packet. (CVE-2016-2523)
- The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark
1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows
remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted
packet, a different vulnerability than CVE-2016-2531. (CVE-2016-2530)
- Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10
and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and
application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than
CVE-2016-2530. (CVE-2016-2531)
- The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark
1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote
attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
(CVE-2016-2532)
- epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree
depth, which allows remote attackers to cause a denial of service (stack memory consumption and
application crash) via a crafted packet. (CVE-2016-4006)
- epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly
initialize memory for search patterns, which allows remote attackers to cause a denial of service
(application crash) via a crafted packet. (CVE-2016-4076)
- epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of
truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free
and application crash) via a crafted packet. (CVE-2016-4077)
- The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly
restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and
application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and
epan/dissectors/packet-ieee80211.c. (CVE-2016-4078)
- epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before
2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-
bounds write and application crash) via a crafted packet. (CVE-2016-4079)
- epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before
2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-
bounds read and application crash) via a crafted packet. (CVE-2016-4080)
- epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before
2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service
(infinite loop) via a crafted packet. (CVE-2016-4081)
- epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x
before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of
service (out-of-bounds access and application crash) via a crafted packet. (CVE-2016-4082)
- epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure
that data is available before array allocation, which allows remote attackers to cause a denial of service
(application crash) via a crafted packet. (CVE-2016-4083)
- Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x
before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash)
via a crafted packet that triggers an unexpected array size. (CVE-2016-4084)
- Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x
before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a long string in a packet. (CVE-2016-4085)
- Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark
1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer
over-read and application crash) via a crafted packet that triggers a 0xff tag value. (CVE-2016-4417)
- epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before
2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a
crafted packet that triggers an empty set. (CVE-2016-4418)
- epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before
2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and
application crash) via a packet that specifies deeply nested data. (CVE-2016-4421)
- epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x
before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service
(infinite loop) via a crafted packet. (CVE-2016-5350)
- epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4
mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service
(application crash) via a crafted packet. (CVE-2016-5351)
- epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length
values, which allows remote attackers to cause a denial of service (application crash) via a crafted
packet. (CVE-2016-5352)
- epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x
before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service
(application crash) via a crafted packet. (CVE-2016-5353)
- The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which
allows remote attackers to cause a denial of service (application crash) via a crafted packet.
(CVE-2016-5354)
- wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4
mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service
(application crash) via a crafted file. (CVE-2016-5355)
- wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4
mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service
(application crash) via a crafted file. (CVE-2016-5356)
- wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4
mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service
(application crash) via a crafted file. (CVE-2016-5357)
- epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the
packet-header data type, which allows remote attackers to cause a denial of service (application crash)
via a crafted packet. (CVE-2016-5358)
- epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles
offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop)
via a crafted packet. (CVE-2016-5359)
- epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x
before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application
crash) via a crafted packet. (CVE-2016-6505)
- epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5
allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. (CVE-2016-6506)
- epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote
attackers to cause a denial of service (infinite loop) via a crafted packet. (CVE-2016-6507)
- epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5
uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large
loop) via a crafted packet. (CVE-2016-6508)
- epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before
2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application
crash) via a crafted packet. (CVE-2016-6509)
- Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13
and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and
application crash) via a crafted packet. (CVE-2016-6510)
- epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a
denial of service (OpenFlow dissector large loop) via a crafted packet. (CVE-2016-6511)
- epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar
function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet,
related to the MMSE, WAP, WBXML, and WSP dissectors. (CVE-2016-6512)
- epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the
recursion depth, which allows remote attackers to cause a denial of service (application crash) via a
crafted packet. (CVE-2016-6513)
- epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC
address data, which allows remote attackers to cause a denial of service (out-of-bounds read and
application crash) via a crafted packet. (CVE-2016-7175)
- epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one
of its input buffers as the output buffer, which allows remote attackers to cause a denial of service
(copy overlap and application crash) via a crafted packet. (CVE-2016-7176)
- epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6
does not restrict the number of channels, which allows remote attackers to cause a denial of service
(buffer over-read and application crash) via a crafted packet. (CVE-2016-7177)
- epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure
that memory is allocated for certain data structures, which allows remote attackers to cause a denial of
service (invalid write access and application crash) via a crafted packet. (CVE-2016-7178)
- Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector
in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via
a crafted packet. (CVE-2016-7179)
- epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not
properly consider whether a string is constant, which allows remote attackers to cause a denial of service
(use-after-free and application crash) via a crafted packet. (CVE-2016-7180)
- In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a
malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-
byte memcmp for potentially shorter strings. (CVE-2016-7957)
- In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture
file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. (CVE-2016-7958)
- In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network
traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input
with too many I/O objects. (CVE-2016-9372)
- In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free,
triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c
and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.
(CVE-2016-9373)
- In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read,
triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by
ensuring that a length variable properly tracked the state of a signature variable. (CVE-2016-9374)
- In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop,
triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by
checking whether SDNV evaluation was successful. (CVE-2016-9375)
- In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion,
triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c
by ensuring that certain length values were sufficiently large. (CVE-2016-9376)
- In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This
was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
(CVE-2017-11406)
- In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in
epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
(CVE-2017-11407)
- In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in
epan/dissectors/packet-amqp.c by checking for successful list dissection. (CVE-2017-11408)
- In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in
epan/dissectors/packet-gprs-llc.c by using a different integer data type. (CVE-2017-11409)
- In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop,
triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-
wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2017-7702. (CVE-2017-11410)
- In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust
system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. (CVE-2017-11411)
- In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed
in epan/dissectors/packet-mbtcp.c by adding length validation. (CVE-2017-13764)
- In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and
application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
(CVE-2017-13765)
- In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write.
This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. (CVE-2017-13766)
- In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite
loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. (CVE-2017-13767)
- In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in
plugins/docsis/packet-docsis.c by adding decrements. (CVE-2017-15189)
- In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-
rtsp.c by correcting the scope of a variable. (CVE-2017-15190)
- In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was
addressed in epan/dissectors/packet-dmp.c by validating a string length. (CVE-2017-15191)
- In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in
epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same
encapsulation level. (CVE-2017-15192)
- In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory.
This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
(CVE-2017-15193)
- In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in
epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a
buffer. (CVE-2017-17083)
- In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed
in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (CVE-2017-17084)
- In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed
in epan/dissectors/packet-cipsafety.c by validating the packet length. (CVE-2017-17085)
- The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip
'\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and
application crash) via a crafted packet that triggers the attempted processing of an empty line.
(CVE-2017-17935)
- In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in
epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to
CVE-2017-9343. (CVE-2017-17997)
- In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop,
triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-
asterix.c by changing a data type to avoid an integer overflow. (CVE-2017-5596)
- In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered
by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by
changing a data type to avoid an integer overflow. (CVE-2017-5597)
- In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite
loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from
will not advance, causing continuous attempts to read the same zero length packet. This will quickly
exhaust all system memory. (CVE-2017-6014)
- In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered
by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on
file size. (CVE-2017-6467)
- In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a
malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between
pages and records. (CVE-2017-6468)
- In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet
injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring
that memory is allocated for a certain data structure. (CVE-2017-6469)
- In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet
injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining
packet lateness. (CVE-2017-6470)
- In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet
injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating
the capability length. (CVE-2017-6471)
- In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by
packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by
properly incrementing a certain sequence value. (CVE-2017-6472)
- In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a
malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between
lengths and offsets. (CVE-2017-6473)
- In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered
by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes.
(CVE-2017-6474)
- In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop,
triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero
record size. (CVE-2017-7700)
- In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop,
triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-
bgp.c by using a different integer data type. (CVE-2017-7701)
- In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop,
triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-
wbxml.c by adding length validation. (CVE-2017-7702)
- In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet
injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating
a line's end correctly. (CVE-2017-7703)
- In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet
injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a
different integer data type and adjusting a return value. (CVE-2017-7704)
- In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite
loop, triggered by packet injection or a malformed capture file. This was addressed in
epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.
(CVE-2017-7705)
- In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop,
triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-
sigcomp.c by correcting a memory-size check. (CVE-2017-7745)
- In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop,
triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-
slsk.c by adding checks for the remaining length. (CVE-2017-7746)
- In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet
injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by
restricting additions to the protocol tree. (CVE-2017-7747)
- In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop,
triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-
wsp.c by adding a length check. (CVE-2017-7748)
- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was
addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. (CVE-2017-9343)
- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This
was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. (CVE-2017-9344)
- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This
was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
(CVE-2017-9345)
- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop.
This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. (CVE-2017-9346)
- In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was
addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. (CVE-2017-9347)
- In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in
epan/dissectors/packet-dof.c by validating a size value. (CVE-2017-9348)
- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was
addressed in epan/dissectors/packet-dcm.c by validating a length value. (CVE-2017-9349)
- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system
memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.
(CVE-2017-9350)
- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer.
This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more
carefully. (CVE-2017-9351)
- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This
was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
(CVE-2017-9352)
- In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-
ipv6.c by validating an IPv6 address. (CVE-2017-9353)
- In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in
epan/dissectors/packet-rgmp.c by validating an IPv4 address. (CVE-2017-9354)
- In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the
dissect_mp4_box function in epan/dissectors/file-mp4.c. (CVE-2017-9616)
- In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the
dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. (CVE-2017-9617)
- In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial
of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-
io.c. (CVE-2017-9766)
- In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was
addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented
certain cleanup. (CVE-2018-11358)
- In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in
epan/tvbuff_composite.c by preventing a heap-based buffer over-read. (CVE-2018-19625)
- In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was
addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. (CVE-2018-5334)
- In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in
epan/dissectors/packet-wcp.c by validating the available buffer length. (CVE-2018-5335)
- In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash.
This was addressed in epan/tvbparse.c by limiting the recursion depth. (CVE-2018-5336)
- In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This
was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive
digits in time values. (CVE-2019-9209)
- Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8
allows denial of service via packet injection or crafted capture file. (CVE-2020-26421)
- Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows
denial of service via packet injection or crafted capture file (CVE-2021-22207)
- Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial
of service via packet injection or crafted capture file (CVE-2023-0411)
- TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via
packet injection or crafted capture file (CVE-2023-0412)
- Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via
packet injection or crafted capture file (CVE-2023-0413)
- Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or
crafted capture file (CVE-2023-0414)
- iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via
packet injection or crafted capture file (CVE-2023-0415)
- GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via
packet injection or crafted capture file (CVE-2023-0416)
- Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of
service via packet injection or crafted capture file (CVE-2023-0417)
- Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version
4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution
in the context of the process running Wireshark. (CVE-2023-0666)
- Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark
version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code
execution in the context of the process running Wireshark. (CVE-2023-0668)
- ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of
service via packet injection or crafted capture file (CVE-2023-1161)
- RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via
packet injection or crafted capture file (CVE-2023-1992)
- LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via
packet injection or crafted capture file (CVE-2023-1993)
- GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet
injection or crafted capture file (CVE-2023-1994)
- BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted
capture file (CVE-2023-2854, CVE-2023-2857)
- Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via
crafted capture file (CVE-2023-2855)
- VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service
via crafted capture file (CVE-2023-2856)
- NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via
crafted capture file (CVE-2023-2858)
- Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark
versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.
(CVE-2023-2906)
- XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via
packet injection or crafted capture file (CVE-2023-2952)
- BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service
via packet injection or crafted capture file (CVE-2023-4511)
- CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted
capture file (CVE-2023-4512)
- BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via
packet injection or crafted capture file (CVE-2023-4513)
- RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via
packet injection or crafted capture file (CVE-2023-5371)
- SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted
capture file (CVE-2023-6174)
- NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via
crafted capture file (CVE-2023-6175)
- T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet
injection or crafted capture file (CVE-2024-2955)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6836");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wireshark");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'wireshark', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'wireshark'}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'wireshark');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4079
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4082
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4085
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4421
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6513
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7175
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7177
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7178
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7179
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9374
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11406
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11410
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11411
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13765
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15193
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17085
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6468
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6472
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6474
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7746
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7747
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5334
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5336
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26421
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0411
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0413
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0414
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0416
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0668
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1994
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2854
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2855
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2856
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2858
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2906
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4513
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5371
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6175
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2955