5272 matches found
CVE-2015-3810
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...
UBUNTU-CVE-2015-3810
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...
CVE-2015-3810
CVE-2015-3810 affects Wireshark 1.12.x before 1.12.5, where the WebSocket dissector (epan/dissectors/packet-websocket.c) uses a recursive algorithm that can be triggered by a crafted packet, causing denial of service via CPU exhaustion. Connected advisories confirm multiple vendors/publications (...
CVE-2015-3810
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...
openSUSE Security Update : Wireshark (openSUSE-2015-379)
Wireshark was updated to 1.12.5 to fix security issues and bugs. The following vulnerabilities have been fixed : - CVE-2015-3808, CVE-2015-3809: The LBMR dissector could go into an infinite loop. wnpa-sec-2015-12 - CVE-2015-3810: The WebSocket dissector could recurse excessively. wnpa-sec-2015-13...
wireshark-qt: denial of service
CVE-2015-3808 denial of service There is an infinite loop condition in dissectlbmrpser in epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the variable 'optionlen' to 0, causing the loop to never terminate. This issue is leading to excessive CPU resources consumption by...
wireshark-gtk: denial of service
CVE-2015-3808 denial of service There is an infinite loop condition in dissectlbmrpser in epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the variable 'optionlen' to 0, causing the loop to never terminate. This issue is leading to excessive CPU resources consumption by...
Wireshark Websocket Parser Remote Denial of Service Vulnerability (CNVD-2015-03170)
Wireshark is the most popular network protocol parser. A remote denial of service vulnerability exists in the Websocket parser in Wireshark versions 1.12.0-1.12.4. An attacker exploiting this vulnerability could exhaust CPU resources and cause a denial of service...
Wireshark 1.10.x < 1.10.14 / 1.12.x < 1.12.5 Multiple DoS Vulnerabilities
The version of Wireshark installed on the remote Windows host is 1.10.x prior to 1.10.14, or 1.12.x prior to 1.12.5. It is, therefore, affected by various denial of service vulnerabilities in the following items : - LBMR dissector CVE-2015-3808, CVE-2015-3809 - WebSocket dissector CVE-2015-3810 -...
netty: DoS via memory exhaustion during data aggregation
A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...
wireshark -- multiple vulnerabilities
Wireshark development team reports: The following vulnerabilities have been fixed. wnpa-sec-2015-12 The LBMR dissector could go into an infinite loop. Bug 11036 CVE-2015-3808, CVE-2015-3809 wnpa-sec-2015-13 The WebSocket dissector could recurse excessively. Bug 10989 CVE-2015-3810 wnpa-sec-2015-1...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2570-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2570-1 advisory. An issue was discovered in the HTML parser in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially...
Mandriva Linux Security Advisory : qemu (MDVSA-2015:210)
Updated qemu packages fix security vulnerabilities : A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system rhbz1204919...
USN-2570-1: Oxide vulnerabilities
An issue was discovered in the HTML parser in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...
USN-2570-1 oxide-qt vulnerabilities
An issue was discovered in the HTML parser in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...
Google Chrome 'URLRequest::GetHSTSRedirect' Information Disclosure Vulnerability
Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in the 'URLRequest::GetHSTSRedirect' function in the url_request/url_request.cc file in versions of Google Chrome prior to 42.0.2311.90, which stems from a program that failed to replace the ws scheme with the...
CVE-2015-1244
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
Design/Logic Flaw
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
CVE-2015-1244
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
CVE-2015-1244
CVE-2015-1244 affects Google Chrome prior to 42.0.2311.90. The issue lies in URLRequest::GetHSTSRedirect in url_request/url_request.cc, which does not replace the ws scheme with the wss scheme when an HSTS policy is active, enabling potential disclosure of sensitive WebSocket data via network sni...