42 matches found
PT-2023-35665 · Git +1 · Ntopng
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. The crash occurs in the Flow::dissectMDNS function, which is called by...
PT-2023-35612 · Git +1 · Ntopng
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow read issue is identified, associated with a crash in the NetworkInterface::dissectPacket function, as indicated by the crash state...
PT-2023-8694 · Wireshark +1 · Wireshark +1
Name of the Vulnerable Software and Affected Versions: Wireshark versions prior to 4.2.0 Description: The issue is related to a buffer overflow in the dissect bgp open function of Wireshark when handling extended BGP parameter formats. This can be exploited by a remote attacker to cause a denial ...
PT-2023-35870 · Git +1 · Ntopng
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue was identified, potentially causing a crash. The crash occurs in the NetworkInterface::dissectPacket function, as...
OSV-2023-251 Stack-buffer-overflow in ext11_work_out_bundles
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57494 Crash type: Stack-buffer-overflow WRITE 4 Crash state: ext11workoutbundles dissectorancsection dissectoran...
SUSE CVE-2013-2486
The dissectdiagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via crafted integer...
SUSE CVE-2017-9616
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion uncontrolled recursion in the dissectmp4box function in epan/dissectors/file-mp4.c...
wireshark/fuzzshark_ip_proto-udp: Heap-buffer-overflow in dissect_rtcp_rtpfb_transport_cc
Project: https://code.wireshark.org/review/wireshark Detailed report: https://oss-fuzz.com/testcase?key=5763596639272960 Project: wireshark Fuzzer: libFuzzerwiresharkfuzzsharkipproto-udp Fuzz target binary: fuzzsharkipproto-udp Job Type: libfuzzerasanwireshark Platform Id: linux Crash Type:...
The vulnerability of the skb_flow_dissect function in the flow_dissector.c file of the kernel’s Linux operating system allows a attacker to cause a service failure or execute arbitrary code.
The vulnerability of the skbflowdissect function in the flowdissector.c file of the Linux kernel’s network subsystem is related to insufficient input validation. The function returns a value of true for the keycontrol protocol without setting values for nproto, ipproto, and thoff. Exploiting this...
CVE-2017-9616
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion uncontrolled recursion in the dissectmp4box function in epan/dissectors/file-mp4.c...
Wireshark 1.12.0 < 1.12.12 - NDS Dissector Denial of Service
Exploit for multiple platform in category dos / poc Sample generated with AFL Build Information: TShark 1.12.9 v1.12.9-0-gfadb421 from HEAD Copyright 1998-2015 Gerald Combs and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for...
Wireshark 1.12.0 < 1.12.12 - NDS Dissector Denial of Service
Sample generated with AFL Build Information: TShark 1.12.9 v1.12.9-0-gfadb421 from HEAD Copyright 1998-2015 Gerald Combs and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled...
The vulnerability of the Wireshark Network Protocol Analyzer software allows a remote attacker to compromise the accessibility of protected information.
A vulnerability exists in the dissectspdu function within the SES dissector in Wireshark, due to the lack of initialization for a certain identifier. Exploiting this vulnerability allows malicious actors operating remotely to cause a service failure abrupt termination of an application by using a...
The vulnerability of the Wireshark Network Protocol Analyzer software allows a remote attacker to compromise the accessibility of protected information.
The vulnerability of Wireshark’s dissectframe function, located in the epan/dissectors/packet-frame.c file, stems from the use of negative integers as packet length values. Exploiting this vulnerability allows a remote attacker to cause a service failure abrupt termination of the application by...
DEBIAN-CVE-2014-6426
The dissecthiptlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...
DEBIAN-CVE-2014-5161
The dissectlog function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service buffer underflow and application crash via a crafted packet...
CVE-2013-4922
CVE-2013-4922 is a double free vulnerability in the Wireshark DCOM ISystemActivator dissector (function dissect_dcom_sysact.c) affecting Wireshark 1.10.x before 1.10.1, leading to denial of service via crafted packets. Remediation: upgrade to Wireshark 1.10.1 or apply vendor patches; affected adv...
CVE-2013-3558
CVE-2013-3558 affects Wireshark’s PPP CCP dissector in the 1.8.x line. The vulnerable component is the dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c, which fails to terminate a bit-field list, enabling remote attackers to crash the application via a malformed packet. The adviso...
Wireshark: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet
Multiple stack consumption vulnerabilities in the dissectmscompressedstring and dissectmscldapstring functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service infinite recursion via a crafted 1 SMB or 2 Connection-less LDAP CLD...
security flaw
Stack-based buffer overflow in the dissectospfv3addressprefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrary code via crafted packets...