PT-2023-17396 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.12 Wireshark versions 4.0.0 through 4.0.4 Description: The issue allows for denial of service via packet injection or crafted capture file, causing the GQUIC dissector in Wireshark to crash. Recommendation...

PT-2021-23448 · Wireshark +2 · Wireshark +2

Name of the Vulnerable Software and Affected Versions: Wireshark version 3.6.0 Description: The issue is related to a large loop in the Kafka dissector, which allows for denial of service via packet injection or crafted capture file. Recommendations: For Wireshark version 3.6.0, consider disablin...

PT-2021-6887 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.4.0 through 3.4.10 Wireshark version 3.6.0 Description: The issue is related to a crash in the Sysdig Event dissector, which can be exploited to cause a denial of service via packet injection or crafted capture file. This...

PT-2005-1146 · Ethereal +1 · Ethereal +1

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.6 through 0.10.8 Description: The issue is related to an unknown vulnerability in the Gnutella dissector, which allows remote attackers to cause a denial of service, resulting in an application crash. Recommendations: F...

Ethereal fails to properly handle malformed iSNS packets

Overview Ethereal contains a vulnerability in the way it processes Internet Storage Name Service iSNS packets. Description The Internet Storage Name Service iSNS protocol is used to automate the discovery, management, and configuration of iSCSI and Fibre Channel devices in an IP network. Ethereal...

Ethereal fails to properly decode Transaction IDs within TCAP packets

Overview Ethereal contains a vulnerability in the way the Transaction Capabilities Application Part TCAP protocol dissector parses ASN.1 encoded Transaction IDs within TCAP packets. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing TC...

Ethereal ISUP protocol dissector fails to properly decode ISUP packets

Overview Ethereal fails to properly decode ISDN User Part ISUP packets containing an overly long Interworking Function Address IWFA value. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing ISUP data. There is a vulnerability in the wa...

Ethereal contains multiple vulnerabilities in the UCP protocol dissector

Overview Ethereal contains multiple buffer overflows in the Universal Control Protocol UCP protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It includes the ability to...

Ethereal integer underflow when parsing malformed PGM packets with NAK lists

Overview Ethereal fails to properly parse Pragmatic General Multicast PGM packets containing a crafted negative acknowledgement NAK list. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing PGM data. There is a vulnerability in the way...