828 matches found
CVE-2016-5356
Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 contains a vulnerability CVE-2016-5356 in the CoSine file parser (wiretap/cosine.c) where sscanf unsigned-integer processing is mishandled, enabling a remote attacker to cause a denial of service (application crash) via a crafted file.
Wireshark 1.12.x < 1.12.12 Multiple DoS
The version of Wireshark installed on the remote Windows host is 1.12.x prior to 1.12.12. It is, therefore, affected by multiple denial of service vulnerabilities : - An infinite loop exists in the SPOOLs dissector. A remote attacker, via a specially crafted packet or trace file, can exploit this...
Wireshark 2.0.x < 2.0.4 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 2.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.4 advisory. - epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the...
Updated wireshark packages fix security vulnerability
Updated wireshark packages fix security vulnerabilities: The SPOOLS dissector could go into an infinite loop CVE-2016-5350. The IEEE 802.11 dissector could crash CVE-2016-5351. The IEEE 802.11 dissector could crash CVE-2016-5352. The UMTS FP dissector could crash CVE-2016-5353. Some USB dissector...
Wireshark CoSine File Parser Heap Buffer Overflow Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A heap buffer overflow vulnerability exists in Wireshark's CoSine file parser. A remote...
Wireshark Toshiba File Parser Heap Buffer Overflow Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A heap buffer overflow vulnerability exists in Wireshark's Toshiba file parser. This...
Wireshark NetScreen File Parser Heap Buffer Overflow Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A heap buffer overflow vulnerability exists in Wireshark's NetScreen file parser. It...
CVE-2016-5356
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...
CVE-2016-5355
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-29 The SPOOLS dissector could go into an infinite loop. Discovered by the CESG. wnpa-sec-2016-30 The IEEE 802.11 dissector could crash. Bug 11585 wnpa-sec-2016-31 The IEEE 802.11 dissector could crash...
CVE-2016-4415
Wireshark 2.x before 2.0.2 is affected by CVE-2016-4415 due to a bug in wiretap/vwr.c (IxVeriWave file parser) that incorrectly increases an octet count. A remote attacker can craft a file to trigger a heap-based buffer overflow, causing a denial of service (application crash). A fix is available...
wireshark-gtk: denial of service
CVE-2016-2522: The dissectberconstrainedbitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service out-of-bounds read and application...
FreeBSD : wireshark -- multiple vulnerabilities (42c2c422-df55-11e5-b2bd-002590263bf5)
Wireshark development team reports : The following vulnerabilities have been fixed : - wnpa-sec-2015-31 NBAP dissector crashes. Bug 11602, Bug 11835, Bug 11841 - wnpa-sec-2015-37 NLM dissector crash. - wnpa-sec-2015-39 BER dissector crash. - wnpa-sec-2015-40 Zlib decompression crash. Bug 11548 -...
CVE-2016-2529
The iseriescheckfiletype function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a craft...
DEBIAN-CVE-2016-2529
The iseriescheckfiletype function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a craft...
CVE-2016-2527
wiretap/nettrace3gpp32423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash via a...
DEBIAN-CVE-2016-2527
wiretap/nettrace3gpp32423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash via a...
Out-of-bounds
The iseriescheckfiletype function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a craft...
CVE-2016-2529
The iseriescheckfiletype function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a craft...
CVE-2016-2529
The iseriescheckfiletype function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a craft...