11 matches found
EUVD-2020-17068
Malware in sbrugna...
PT-2024-1846 · Wireshark +2
Name of the Vulnerable Software and Affected Versions: Wireshark versions prior to 4.2.0. Description: The issue is related to a buffer overflow in the pan/addr_resolv.c component of Wireshark, which can be exploited by a remote attacker to cause a denial of service. The ws_manuf_lookup_str functi...
CVE-2020-24334
The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in...
CVE-2020-17440
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that jumps over domain...
CVE-2020-17439
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query wi...
CVE-2020-17440
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that jumps over domain...
CVE-2016-2225
The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet...
CVE-2016-2225
The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet...
CVE-2016-2224
CVE-2016-2224 affects the C library uClibc-ng: the __decode_dotted function in libc/inet/resolv.c is vulnerable in builds before 1.0.12, allowing remote DNS servers to trigger a denial of service (infinite loop) by sending specially crafted DNS replies with compressed items. Impact is a network-e...
DLA-561-1 uclibc - security update
Bulletin has no description...
CVE-2014-4883
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets...