CLSA-2026-1775039763 wireshark: Fix of 11 CVEs

CVE-2023-6175: fix heap buffer overflow in NetScreen file parser - CVE-2024-0208: fix crash in GVCP dissector due to NULL string - CVE-2024-0209: fix uncontrolled recursion in ASN.1 dissectors - CVE-2024-0211: fix infinite loop in DOCSIS dissector - CVE-2024-2955: fix use-after-free in T.38...

CLSA-2026-1775032927 wireshark: Fix of 11 CVEs

CVE-2023-6175: fix heap buffer overflow in NetScreen file parser - CVE-2024-0208: fix crash in GVCP dissector due to NULL string - CVE-2024-0209: fix uncontrolled recursion in ASN.1 dissectors - CVE-2024-0211: fix infinite loop in DOCSIS dissector - CVE-2024-2955: fix use-after-free in T.38...

Linux Distros Unpatched Vulnerability : CVE-2021-46837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - respjsipt38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to...

Medium: wireshark

Issue Overview: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file CVE-2024-2955 Affected Packages: wireshark Issue Correction: Run dnf update wireshark --releasever 2023.4.20240429 or dnf update --advisory...

Medium: wireshark

Issue Overview: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file CVE-2024-2955 Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for...

The vulnerability of the T.38 discanner, a traffic analysis tool for computer networks used by Wireshark, allows a hacker to cause a service failure.

The vulnerability of the T.38 discapper, a traffic analysis tool for computer networks developed by Wireshark, is related to unsynchronized memory management. Exploiting this vulnerability can allow an attacker to cause a service failure by sending a specially crafted file or packet...

Wireshark 安全漏洞

Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in Wireshark versions 4.2.0 through 4.2.3 and 4.0.0 through...

SUSE CVE-2015-8716

The initt38infoconv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service application crash via a crafted packet...

UBUNTU-CVE-2021-26717

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this...

DEBIAN-CVE-2019-18976

An issue was discovered in respjsipt38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940...

Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk Code Issue Vulnerabilities

Sangoma Technologies Asterisk and Sangoma Technologies Certified Asterisk are both products of Sangoma Technologies, a Canadian company.Sangoma Technologies Asterisk is a suite of open source telephone switch PBX system software. Sangoma Technologies Asterisk is an open source telephone exchange...

DEBIAN-CVE-2019-15297

respjsipt38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference...

PT-2019-14037 · Sangoma +1 · Asterisk +1

Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 13.21-cert4 through 15.7.3 Sangoma Asterisk versions 16.5.0 Description: The issue allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash...

Wireshark T.38 Parser Denial of Service Vulnerability

Wireshark is the most popular network protocol parser. Wireshark version 1.12.x prior to 1.12.9, the function initt38infoconv in epan/dissectors/packet-t38.c in the T.38 parser fails to ensure that the conversation exits or not, and by constructing a packet, a remote attacker can cause a denial o...

Asterisk VoIP server buffer overflow

Multiple buffer overflows if T38 fax over SIP is enabled...

CVE-2007-2293

Multiple stack-based buffer overflows in the processsdp function in chansip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long 1 T38FaxRateManagement or 2 T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP...