Wireshark AirPDcapDecryptWPABroadcastKey - Heap Based Out-of-Bounds Read
2015-12-22T00:00:00
ID 1337DAY-ID-25748 Type zdt Reporter Google Security Research Modified 2015-12-22T00:00:00
Description
Exploit for multiple platform in category dos / poc
Source: https://code.google.com/p/google-security-research/issues/detail?id=657
The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark ("$ ./tshark -nVxr /path/to/file"):
--- cut ---
==6158==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200035b1df at pc 0x0000004aaf85 bp 0x7ffcdca29930 sp 0x7ffcdca290e0
READ of size 16 at 0x60200035b1df thread T0
#0 0x4aaf84 in __asan_memcpy llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:393
#1 0x7fc44e6a216a in AirPDcapDecryptWPABroadcastKey wireshark/epan/crypt/airpdcap.c:454:5
#2 0x7fc44e6a0fd6 in AirPDcapRsna4WHandshake wireshark/epan/crypt/airpdcap.c:1405:21
#3 0x7fc44e698b78 in AirPDcapScanForKeys wireshark/epan/crypt/airpdcap.c:563:13
#4 0x7fc44e69749b in AirPDcapPacketProcess wireshark/epan/crypt/airpdcap.c:695:21
#5 0x7fc44f596013 in dissect_ieee80211_common wireshark/epan/dissectors/packet-ieee80211.c:17767:9
#6 0x7fc44f569dae in dissect_ieee80211 wireshark/epan/dissectors/packet-ieee80211.c:18375:10
#7 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8
#8 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9
#9 0x7fc44e4f52be in call_dissector_only wireshark/epan/packet.c:2662:8
#10 0x7fc44e4e6ccf in call_dissector_with_data wireshark/epan/packet.c:2675:8
#11 0x7fc44f51c032 in dissect_wlan_radio wireshark/epan/dissectors/packet-ieee80211-radio.c:975:10
#12 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8
#13 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9
#14 0x7fc44e4f52be in call_dissector_only wireshark/epan/packet.c:2662:8
#15 0x7fc44e4e6ccf in call_dissector_with_data wireshark/epan/packet.c:2675:8
#16 0x7fc44f52d965 in dissect_radiotap wireshark/epan/dissectors/packet-ieee80211-radiotap.c:1796:2
#17 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8
#18 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9
#19 0x7fc44e4eadbd in dissector_try_uint_new wireshark/epan/packet.c:1148:9
#20 0x7fc44f1fa5f6 in dissect_frame wireshark/epan/dissectors/packet-frame.c:500:11
#21 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8
#22 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9
#23 0x7fc44e4f52be in call_dissector_only wireshark/epan/packet.c:2662:8
#24 0x7fc44e4e6ccf in call_dissector_with_data wireshark/epan/packet.c:2675:8
#25 0x7fc44e4e633b in dissect_record wireshark/epan/packet.c:501:3
#26 0x7fc44e4943c9 in epan_dissect_run_with_taps wireshark/epan/epan.c:373:2
#27 0x5264eb in process_packet wireshark/tshark.c:3728:5
#28 0x51f960 in load_cap_file wireshark/tshark.c:3484:11
#29 0x515daf in main wireshark/tshark.c:2197:13
0x60200035b1df is located 0 bytes to the right of 15-byte region [0x60200035b1d0,0x60200035b1df)
allocated by thread T0 here:
#0 0x4c0bc8 in malloc llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40
#1 0x7fc446a1c610 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e610)
SUMMARY: AddressSanitizer: heap-buffer-overflow llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:393 in __asan_memcpy
Shadow bytes around the buggy address:
0x0c04800635e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c04800635f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480063600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480063610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0480063620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0480063630: fa fa fa fa fa fa fa fa fa fa 00[07]fa fa 00 00
0x0c0480063640: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
0x0c0480063650: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
0x0c0480063660: fa fa 00 00 fa fa 00 00 fa fa fd fd fa fa 01 fa
0x0c0480063670: fa fa 06 fa fa fa fd fd fa fa fd fd fa fa 00 07
0x0c0480063680: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==6158==ABORTING
--- cut ---
The crash was reported at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826. Attached are two files which trigger the crash.
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39077.zip
# 0day.today [2018-03-01] #
{"href": "https://0day.today/exploit/description/25748", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=657\r\n \r\nThe following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark (\"$ ./tshark -nVxr /path/to/file\"):\r\n \r\n--- cut ---\r\n==6158==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200035b1df at pc 0x0000004aaf85 bp 0x7ffcdca29930 sp 0x7ffcdca290e0\r\nREAD of size 16 at 0x60200035b1df thread T0\r\n #0 0x4aaf84 in __asan_memcpy llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:393\r\n #1 0x7fc44e6a216a in AirPDcapDecryptWPABroadcastKey wireshark/epan/crypt/airpdcap.c:454:5\r\n #2 0x7fc44e6a0fd6 in AirPDcapRsna4WHandshake wireshark/epan/crypt/airpdcap.c:1405:21\r\n #3 0x7fc44e698b78 in AirPDcapScanForKeys wireshark/epan/crypt/airpdcap.c:563:13\r\n #4 0x7fc44e69749b in AirPDcapPacketProcess wireshark/epan/crypt/airpdcap.c:695:21\r\n #5 0x7fc44f596013 in dissect_ieee80211_common wireshark/epan/dissectors/packet-ieee80211.c:17767:9\r\n #6 0x7fc44f569dae in dissect_ieee80211 wireshark/epan/dissectors/packet-ieee80211.c:18375:10\r\n #7 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8\r\n #8 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9\r\n #9 0x7fc44e4f52be in call_dissector_only wireshark/epan/packet.c:2662:8\r\n #10 0x7fc44e4e6ccf in call_dissector_with_data wireshark/epan/packet.c:2675:8\r\n #11 0x7fc44f51c032 in dissect_wlan_radio wireshark/epan/dissectors/packet-ieee80211-radio.c:975:10\r\n #12 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8\r\n #13 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9\r\n #14 0x7fc44e4f52be in call_dissector_only wireshark/epan/packet.c:2662:8\r\n #15 0x7fc44e4e6ccf in call_dissector_with_data wireshark/epan/packet.c:2675:8\r\n #16 0x7fc44f52d965 in dissect_radiotap wireshark/epan/dissectors/packet-ieee80211-radiotap.c:1796:2\r\n #17 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8\r\n #18 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9\r\n #19 0x7fc44e4eadbd in dissector_try_uint_new wireshark/epan/packet.c:1148:9\r\n #20 0x7fc44f1fa5f6 in dissect_frame wireshark/epan/dissectors/packet-frame.c:500:11\r\n #21 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8\r\n #22 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9\r\n #23 0x7fc44e4f52be in call_dissector_only wireshark/epan/packet.c:2662:8\r\n #24 0x7fc44e4e6ccf in call_dissector_with_data wireshark/epan/packet.c:2675:8\r\n #25 0x7fc44e4e633b in dissect_record wireshark/epan/packet.c:501:3\r\n #26 0x7fc44e4943c9 in epan_dissect_run_with_taps wireshark/epan/epan.c:373:2\r\n #27 0x5264eb in process_packet wireshark/tshark.c:3728:5\r\n #28 0x51f960 in load_cap_file wireshark/tshark.c:3484:11\r\n #29 0x515daf in main wireshark/tshark.c:2197:13\r\n \r\n0x60200035b1df is located 0 bytes to the right of 15-byte region [0x60200035b1d0,0x60200035b1df)\r\nallocated by thread T0 here:\r\n #0 0x4c0bc8 in malloc llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40\r\n #1 0x7fc446a1c610 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e610)\r\n \r\nSUMMARY: AddressSanitizer: heap-buffer-overflow llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:393 in __asan_memcpy\r\nShadow bytes around the buggy address:\r\n 0x0c04800635e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c04800635f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c0480063600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c0480063610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c0480063620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n=>0x0c0480063630: fa fa fa fa fa fa fa fa fa fa 00[07]fa fa 00 00\r\n 0x0c0480063640: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00\r\n 0x0c0480063650: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00\r\n 0x0c0480063660: fa fa 00 00 fa fa 00 00 fa fa fd fd fa fa 01 fa\r\n 0x0c0480063670: fa fa 06 fa fa fa fd fd fa fa fd fd fa fa 00 07\r\n 0x0c0480063680: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fa\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Heap right redzone: fb\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack partial redzone: f4\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n==6158==ABORTING\r\n--- cut ---\r\n \r\nThe crash was reported at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826. Attached are two files which trigger the crash.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39077.zip\n\n# 0day.today [2018-03-01] #", "bulletinFamily": "exploit", "modified": "2015-12-22T00:00:00", "title": "Wireshark AirPDcapDecryptWPABroadcastKey - Heap Based Out-of-Bounds Read", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 4.3}, "sourceHref": "https://0day.today/exploit/25748", "cvelist": ["CVE-2015-8724"], "description": "Exploit for multiple platform in category dos / poc", "viewCount": 9, "published": "2015-12-22T00:00:00", "edition": 1, "id": "1337DAY-ID-25748", "type": "zdt", "lastseen": "2018-03-01T23:40:44", "reporter": "Google Security Research", "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2018-03-01T23:40:44", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-8724"]}, {"type": "exploitdb", "idList": ["EDB-ID:39077"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310806945", "OPENVAS:1361412562310806946", "OPENVAS:1361412562310703505", "OPENVAS:1361412562310121461", "OPENVAS:703505"]}, {"type": "nessus", "idList": ["WIRESHARK_2_0_1.NASL", "WIRESHARK_1_12_9.NASL", "SUSE_SU-2016-0110-1.NASL", "SUSE_SU-2016-0109-1.NASL", "GENTOO_GLSA-201604-05.NASL", "OPENSUSE-2016-12.NASL", "DEBIAN_DSA-3505.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3505-1:8B7DB"]}, {"type": "archlinux", "idList": ["ASA-201601-6", "ASA-201601-5", "ASA-201601-4"]}, {"type": "kaspersky", "idList": ["KLA10730"]}, {"type": "f5", "idList": ["SOL87669052", "F5:K87669052"]}, {"type": "gentoo", "idList": ["GLSA-201604-05"]}], "modified": "2018-03-01T23:40:44", "rev": 2}, "vulnersScore": 5.6}, "references": []}
{"cve": [{"lastseen": "2021-02-02T06:21:31", "description": "The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-01-04T05:59:00", "title": "CVE-2015-8724", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8724"], "modified": "2016-12-07T18:29:00", "cpe": ["cpe:/a:wireshark:wireshark:1.12.8", "cpe:/a:wireshark:wireshark:1.12.5", "cpe:/a:wireshark:wireshark:2.0.0", "cpe:/a:wireshark:wireshark:1.12.6", "cpe:/a:wireshark:wireshark:1.12.2", "cpe:/a:wireshark:wireshark:1.12.1", "cpe:/a:wireshark:wireshark:1.12.3", "cpe:/a:wireshark:wireshark:1.12.7", "cpe:/a:wireshark:wireshark:1.12.4", "cpe:/a:wireshark:wireshark:1.12.0"], "id": "CVE-2015-8724", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8724", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-04T09:27:24", "description": "Wireshark AirPDcapDecryptWPABroadcastKey - Heap-Based Out-of-Bounds Read. CVE-2015-8724. Dos exploits for multiple platform", "published": "2015-12-22T00:00:00", "type": "exploitdb", "title": "Wireshark AirPDcapDecryptWPABroadcastKey - Heap-Based Out-of-Bounds Read", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-8724"], "modified": "2015-12-22T00:00:00", "id": "EDB-ID:39077", "href": "https://www.exploit-db.com/exploits/39077/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=657\r\n\r\nThe following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark (\"$ ./tshark -nVxr /path/to/file\"):\r\n\r\n--- cut ---\r\n==6158==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200035b1df at pc 0x0000004aaf85 bp 0x7ffcdca29930 sp 0x7ffcdca290e0\r\nREAD of size 16 at 0x60200035b1df thread T0\r\n #0 0x4aaf84 in __asan_memcpy llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:393\r\n #1 0x7fc44e6a216a in AirPDcapDecryptWPABroadcastKey wireshark/epan/crypt/airpdcap.c:454:5\r\n #2 0x7fc44e6a0fd6 in AirPDcapRsna4WHandshake wireshark/epan/crypt/airpdcap.c:1405:21\r\n #3 0x7fc44e698b78 in AirPDcapScanForKeys wireshark/epan/crypt/airpdcap.c:563:13\r\n #4 0x7fc44e69749b in AirPDcapPacketProcess wireshark/epan/crypt/airpdcap.c:695:21\r\n #5 0x7fc44f596013 in dissect_ieee80211_common wireshark/epan/dissectors/packet-ieee80211.c:17767:9\r\n #6 0x7fc44f569dae in dissect_ieee80211 wireshark/epan/dissectors/packet-ieee80211.c:18375:10\r\n #7 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8\r\n #8 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9\r\n #9 0x7fc44e4f52be in call_dissector_only wireshark/epan/packet.c:2662:8\r\n #10 0x7fc44e4e6ccf in call_dissector_with_data wireshark/epan/packet.c:2675:8\r\n #11 0x7fc44f51c032 in dissect_wlan_radio wireshark/epan/dissectors/packet-ieee80211-radio.c:975:10\r\n #12 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8\r\n #13 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9\r\n #14 0x7fc44e4f52be in call_dissector_only wireshark/epan/packet.c:2662:8\r\n #15 0x7fc44e4e6ccf in call_dissector_with_data wireshark/epan/packet.c:2675:8\r\n #16 0x7fc44f52d965 in dissect_radiotap wireshark/epan/dissectors/packet-ieee80211-radiotap.c:1796:2\r\n #17 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8\r\n #18 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9\r\n #19 0x7fc44e4eadbd in dissector_try_uint_new wireshark/epan/packet.c:1148:9\r\n #20 0x7fc44f1fa5f6 in dissect_frame wireshark/epan/dissectors/packet-frame.c:500:11\r\n #21 0x7fc44e4f8cc1 in call_dissector_through_handle wireshark/epan/packet.c:616:8\r\n #22 0x7fc44e4eb5ea in call_dissector_work wireshark/epan/packet.c:691:9\r\n #23 0x7fc44e4f52be in call_dissector_only wireshark/epan/packet.c:2662:8\r\n #24 0x7fc44e4e6ccf in call_dissector_with_data wireshark/epan/packet.c:2675:8\r\n #25 0x7fc44e4e633b in dissect_record wireshark/epan/packet.c:501:3\r\n #26 0x7fc44e4943c9 in epan_dissect_run_with_taps wireshark/epan/epan.c:373:2\r\n #27 0x5264eb in process_packet wireshark/tshark.c:3728:5\r\n #28 0x51f960 in load_cap_file wireshark/tshark.c:3484:11\r\n #29 0x515daf in main wireshark/tshark.c:2197:13\r\n\r\n0x60200035b1df is located 0 bytes to the right of 15-byte region [0x60200035b1d0,0x60200035b1df)\r\nallocated by thread T0 here:\r\n #0 0x4c0bc8 in malloc llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40\r\n #1 0x7fc446a1c610 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e610)\r\n\r\nSUMMARY: AddressSanitizer: heap-buffer-overflow llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:393 in __asan_memcpy\r\nShadow bytes around the buggy address:\r\n 0x0c04800635e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c04800635f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c0480063600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c0480063610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c0480063620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n=>0x0c0480063630: fa fa fa fa fa fa fa fa fa fa 00[07]fa fa 00 00\r\n 0x0c0480063640: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00\r\n 0x0c0480063650: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00\r\n 0x0c0480063660: fa fa 00 00 fa fa 00 00 fa fa fd fd fa fa 01 fa\r\n 0x0c0480063670: fa fa 06 fa fa fa fd fd fa fa fd fd fa fa 00 07\r\n 0x0c0480063680: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fa\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Heap right redzone: fb\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack partial redzone: f4\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n==6158==ABORTING\r\n--- cut ---\r\n\r\nThe crash was reported at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826. Attached are two files which trigger the crash.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39077.zip\r\n\r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/39077/"}], "openvas": [{"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8730", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2015-8732", "CVE-2015-8711", "CVE-2015-8718"], "description": "This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-01-11T00:00:00", "id": "OPENVAS:1361412562310806945", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806945", "type": "openvas", "title": "Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln02_jan16_win.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806945\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2015-8733\", \"CVE-2015-8732\", \"CVE-2015-8731\", \"CVE-2015-8730\",\n \"CVE-2015-8729\", \"CVE-2015-8728\", \"CVE-2015-8727\", \"CVE-2015-8726\",\n \"CVE-2015-8725\", \"CVE-2015-8724\", \"CVE-2015-8723\", \"CVE-2015-8722\",\n \"CVE-2015-8721\", \"CVE-2015-8720\", \"CVE-2015-8718\", \"CVE-2015-8711\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-11 11:59:19 +0530 (Mon, 11 Jan 2016)\");\n script_name(\"Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to\n multiple errors in Wireshark. For details refer the links mentioned in the\n reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct denial of service attack.\");\n\n script_tag(name:\"affected\", value:\"Wireshark version 1.12.x before 1.12.9\n and 2.0.x before 2.0.1 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.12.9 or\n 2.0.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2015-45.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-41.html\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_win.nasl\");\n script_mandatory_keys(\"Wireshark/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!wirversion = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:wirversion, test_version:\"1.12.0\", test_version2:\"1.12.8\"))\n{\n fix = \"1.12.9\";\n VULN = TRUE ;\n}\n\nelse if(version_is_equal(version:wirversion, test_version:\"2.0.0\"))\n{\n fix = \"2.0.1\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + wirversion + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8730", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2015-8732", "CVE-2015-8711", "CVE-2015-8718"], "description": "This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-01-11T00:00:00", "id": "OPENVAS:1361412562310806946", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806946", "type": "openvas", "title": "Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wireshark_mult_dos_vuln02_jan16_macosx.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Mac OS X)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wireshark:wireshark\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806946\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2015-8733\", \"CVE-2015-8732\", \"CVE-2015-8731\", \"CVE-2015-8730\",\n \"CVE-2015-8729\", \"CVE-2015-8728\", \"CVE-2015-8727\", \"CVE-2015-8726\",\n \"CVE-2015-8725\", \"CVE-2015-8724\", \"CVE-2015-8723\", \"CVE-2015-8722\",\n \"CVE-2015-8721\", \"CVE-2015-8720\", \"CVE-2015-8718\", \"CVE-2015-8711\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-11 11:59:19 +0530 (Mon, 11 Jan 2016)\");\n script_name(\"Wireshark Multiple Denial-of-Service Vulnerabilities-02 January16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Wireshark\n and is prone to multiple denial of service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to\n multiple errors in Wireshark. For details refer the links mentioned in the\n reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct denial of service attack.\");\n\n script_tag(name:\"affected\", value:\"Wireshark version 1.12.x before 1.12.9\n and 2.0.x before 2.0.1 on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Wireshark version 1.12.9 or\n 2.0.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.wireshark.org/security/wnpa-sec-2015-45.html\");\n script_xref(name:\"URL\", value:\"https://www.wireshark.org/security/wnpa-sec-2015-41.html\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792\");\n script_xref(name:\"URL\", value:\"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Denial of Service\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_wireshark_detect_macosx.nasl\");\n script_mandatory_keys(\"Wireshark/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!wirversion = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(wirversion, test_version:\"1.12.0\", test_version2:\"1.12.8\"))\n{\n fix = \"1.12.9\";\n VULN = TRUE ;\n}\n\nelse if(version_is_equal(version:wirversion, test_version:\"2.0.0\"))\n{\n fix = \"2.0.1\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + wirversion + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8726", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-7830", "CVE-2015-8728", "CVE-2015-8712", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8711", "CVE-2015-8718"], "description": "Multiple vulnerabilities were\ndiscovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn,\nT.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A,\nAscend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.", "modified": "2019-03-18T00:00:00", "published": "2016-03-04T00:00:00", "id": "OPENVAS:1361412562310703505", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703505", "type": "openvas", "title": "Debian Security Advisory DSA 3505-1 (wireshark - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3505.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3505-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703505\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\",\n \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\",\n \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\",\n \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\",\n \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\",\n \"CVE-2015-8730\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n script_name(\"Debian Security Advisory DSA 3505-1 (wireshark - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-04 00:00:00 +0100 (Fri, 04 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3505.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|7|9)\");\n script_tag(name:\"affected\", value:\"wireshark on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.8.2-5wheezy17.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.0.2+ga16e22e-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.2+ga16e22e-1.\n\nWe recommend that you upgrade your wireshark packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were\ndiscovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn,\nT.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A,\nAscend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark5:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark5:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap4:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap4:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil4:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil4:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-qt\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark2:amd64\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark2:i386\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap2:amd64\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap2:i386\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil2:amd64\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil2:i386\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark6:amd64\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwireshark6:i386\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap5:amd64\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwiretap5:i386\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil6:amd64\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwsutil6:i386\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tshark\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-gtk\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"wireshark-qt\", ver:\"2.0.2+ga16e22e-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:54:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8726", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-7830", "CVE-2015-8728", "CVE-2015-8712", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8711", "CVE-2015-8718"], "description": "Multiple vulnerabilities were\ndiscovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn,\nT.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A,\nAscend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.", "modified": "2017-07-07T00:00:00", "published": "2016-03-04T00:00:00", "id": "OPENVAS:703505", "href": "http://plugins.openvas.org/nasl.php?oid=703505", "type": "openvas", "title": "Debian Security Advisory DSA 3505-1 (wireshark - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3505.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3505-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703505);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\",\n \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\",\n \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\",\n \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\",\n \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\",\n \"CVE-2015-8730\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n script_name(\"Debian Security Advisory DSA 3505-1 (wireshark - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-03-04 00:00:00 +0100 (Fri, 04 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3505.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"wireshark on Debian Linux\");\n script_tag(name: \"insight\", value: \"Wireshark is a network 'sniffer' - a\ntool that captures and analyzes packets off the wire. Wireshark can decode too\nmany protocols to list here.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 1.8.2-5wheezy17.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.0.2+ga16e22e-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.2+ga16e22e-1.\n\nWe recommend that you upgrade your wireshark packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were\ndiscovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn,\nT.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A,\nAscend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark5:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark5:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap4:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap4:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil4:amd64\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil4:i386\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-qt\", ver:\"1.12.1+g01b65bf-4+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2:amd64\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark2:i386\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2:amd64\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap2:i386\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2:amd64\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil2:i386\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dbg\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"1.8.2-5wheezy17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-data\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark-dev\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark6:amd64\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwireshark6:i386\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap-dev\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap5:amd64\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwiretap5:i386\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil-dev\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil6:amd64\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwsutil6:i386\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tshark\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-common\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-dev\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-doc\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-gtk\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wireshark-qt\", ver:\"2.0.2+ga16e22e-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8741", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2016-2531", "CVE-2015-8722", "CVE-2016-2527", "CVE-2016-2530", "CVE-2016-2524", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8736", "CVE-2015-8726", "CVE-2016-2521", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2016-2529", "CVE-2015-8723", "CVE-2015-8720", "CVE-2016-2528", "CVE-2016-2526", "CVE-2015-8725", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2016-2532", "CVE-2015-8712", "CVE-2016-2523", "CVE-2016-2525", "CVE-2016-2522", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8734", "CVE-2015-8711", "CVE-2015-8740", "CVE-2015-8718"], "description": "Gentoo Linux Local Security Checks GLSA 201604-05", "modified": "2018-10-26T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310121461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121461", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201604-05", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201604-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121461\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:21:27 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201604-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201604-05\");\n script_cve_id(\"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\", \"CVE-2015-8734\", \"CVE-2015-8735\", \"CVE-2015-8736\", \"CVE-2015-8737\", \"CVE-2015-8738\", \"CVE-2015-8739\", \"CVE-2015-8740\", \"CVE-2015-8741\", \"CVE-2015-8742\", \"CVE-2016-2521\", \"CVE-2016-2522\", \"CVE-2016-2523\", \"CVE-2016-2524\", \"CVE-2016-2525\", \"CVE-2016-2526\", \"CVE-2016-2527\", \"CVE-2016-2528\", \"CVE-2016-2529\", \"CVE-2016-2530\", \"CVE-2016-2531\", \"CVE-2016-2532\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201604-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-analyzer/wireshark\", unaffected: make_list(\"ge 2.0.2\"), vulnerable: make_list(\"lt 2.0.2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:55:36", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8726", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-7830", "CVE-2015-8728", "CVE-2015-8712", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8711", "CVE-2015-8718"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3505-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 04, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nCVE ID : CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 \n CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717\n CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721\n CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725\n CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729\n CVE-2015-8730 CVE-2015-8732 CVE-2015-8733\n\nMultiple vulnerabilities were discovered in the dissectors/parsers for\nPcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP,\n802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee ZCL\nand Sniffer which could result in denial of service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.8.2-5wheezy17.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.0.2+ga16e22e-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.2+ga16e22e-1.\n\nWe recommend that you upgrade your wireshark packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 13, "modified": "2016-03-04T19:04:27", "published": "2016-03-04T19:04:27", "id": "DEBIAN:DSA-3505-1:8B7DB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00077.html", "title": "[SECURITY] [DSA 3505-1] wireshark security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-03-01T07:50:06", "description": "The version of Wireshark installed on the remote Windows host is\n1.12.x prior to 1.12.9. It is, therefore, affected by multiple\ndenial of service vulnerabilities in the following components :\n\n - 802.11 dissector\n - AllJoyn dissector\n - ANSI A dissector\n - Ascend file parser\n - BER dissector\n - DCOM dissector\n - DIAMETER dissector\n - DNS dissector\n - GSM A dissector\n - NBAP dissector\n - NLM dissector\n - RSL dissector\n - RSVP dissector\n - SCTP dissector\n - SDP dissector\n - Sniffer file parser\n - T.38 dissector\n - UMTS FP dissector\n - VeriWave file parser\n - ZigBee ZCL dissector\n - zlib compression\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 28, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2016-01-08T00:00:00", "title": "Wireshark 1.12.x < 1.12.9 Multiple DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2015-8712", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8711", "CVE-2015-8718"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_1_12_9.NASL", "href": "https://www.tenable.com/plugins/nessus/87824", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87824);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-8711\",\n \"CVE-2015-8712\",\n \"CVE-2015-8713\",\n \"CVE-2015-8714\",\n \"CVE-2015-8715\",\n \"CVE-2015-8716\",\n \"CVE-2015-8717\",\n \"CVE-2015-8718\",\n \"CVE-2015-8719\",\n \"CVE-2015-8720\",\n \"CVE-2015-8721\",\n \"CVE-2015-8722\",\n \"CVE-2015-8723\",\n \"CVE-2015-8724\",\n \"CVE-2015-8725\",\n \"CVE-2015-8726\",\n \"CVE-2015-8727\",\n \"CVE-2015-8728\",\n \"CVE-2015-8729\",\n \"CVE-2015-8730\",\n \"CVE-2015-8731\",\n \"CVE-2015-8732\",\n \"CVE-2015-8733\"\n );\n script_xref(name:\"EDB-ID\", value:\"38995\");\n script_xref(name:\"EDB-ID\", value:\"38996\");\n script_xref(name:\"EDB-ID\", value:\"38999\");\n script_xref(name:\"EDB-ID\", value:\"39000\");\n script_xref(name:\"EDB-ID\", value:\"39001\");\n script_xref(name:\"EDB-ID\", value:\"39002\");\n script_xref(name:\"EDB-ID\", value:\"39003\");\n script_xref(name:\"EDB-ID\", value:\"39004\");\n script_xref(name:\"EDB-ID\", value:\"39005\");\n script_xref(name:\"EDB-ID\", value:\"39006\");\n script_xref(name:\"EDB-ID\", value:\"39076\");\n script_xref(name:\"EDB-ID\", value:\"39077\");\n\n script_name(english:\"Wireshark 1.12.x < 1.12.9 Multiple DoS\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Wireshark installed on the remote Windows host is\n1.12.x prior to 1.12.9. It is, therefore, affected by multiple\ndenial of service vulnerabilities in the following components :\n\n - 802.11 dissector\n - AllJoyn dissector\n - ANSI A dissector\n - Ascend file parser\n - BER dissector\n - DCOM dissector\n - DIAMETER dissector\n - DNS dissector\n - GSM A dissector\n - NBAP dissector\n - NLM dissector\n - RSL dissector\n - RSVP dissector\n - SCTP dissector\n - SDP dissector\n - Sniffer file parser\n - T.38 dissector\n - UMTS FP dissector\n - VeriWave file parser\n - ZigBee ZCL dissector\n - zlib compression\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-1.12.9.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 1.12.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8733\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"installed_sw/Wireshark\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Wireshark\";\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\n# Affected :\n# 1.12.x < 1.12.9\nif (version !~ \"^1\\.12\\.[0-8]($|[^0-9])\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.12.9' +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:49:27", "description": "Multiple vulnerabilities were discovered in the dissectors/parsers for\nPcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP,\n802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee\nZCL and Sniffer which could result in denial of service.", "edition": 22, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2016-03-07T00:00:00", "title": "Debian DSA-3505-1 : wireshark - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8726", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-7830", "CVE-2015-8728", "CVE-2015-8712", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8711", "CVE-2015-8718"], "modified": "2016-03-07T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:wireshark", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3505.NASL", "href": "https://www.tenable.com/plugins/nessus/89695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3505. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89695);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n script_xref(name:\"DSA\", value:\"3505\");\n\n script_name(english:\"Debian DSA-3505-1 : wireshark - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in the dissectors/parsers for\nPcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP,\n802.11, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee\nZCL and Sniffer which could result in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/wireshark\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/wireshark\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3505\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wireshark packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.8.2-5wheezy17.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.12.1+g01b65bf-4+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-data\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark-dev\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwireshark2\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap-dev\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwiretap2\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil-dev\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwsutil2\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tshark\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-common\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dbg\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-dev\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"wireshark-doc\", reference:\"1.8.2-5wheezy17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwireshark-data\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwireshark-dev\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwireshark5\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwiretap-dev\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwiretap4\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwsutil-dev\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwsutil4\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tshark\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-common\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-dbg\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-dev\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-doc\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"wireshark-qt\", reference:\"1.12.1+g01b65bf-4+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:29:21", "description": "Wireshark was updated to 1.12.9 to fix a number of crashes in protocol\ndissectors. [boo#960382]\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate conversation data, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function\n in epan/dissectors/packet-umts_fp.c in the UMTS FP\n dissector in Wireshark 1.12.x before 1.12.9 does not\n validate the number of PDUs, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the\n UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does\n not properly reserve memory for channel ID mappings,\n which allows remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in\n epan/dissectors/packet-dcom.c in the DCOM dissector in\n Wireshark 1.12.x before 1.12.9 does not initialize a\n certain IPv4 data structure, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the\n AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does\n not check for empty arguments, which allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in\n epan/dissectors/packet-t38.c in the T.38 dissector in\n Wireshark 1.12.x before 1.12.9 does not ensure that a\n conversation exists, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in\n epan/dissectors/packet-sdp.c in the SDP dissector in\n Wireshark 1.12.x before 1.12.9 does not prevent use of a\n negative media count, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in\n epan/dissectors/packet-nlm.c in the NLM dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\n when the 'Match MSG/RES packets for async NLM' option is\n enabled, allows remote attackers to cause a denial of\n service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in\n epan/dissectors/packet-dns.c in the DNS dissector in\n Wireshark 1.12.x before 1.12.9 mishandles the EDNS0\n Client Subnet option, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function\n in epan/dissectors/packet-ber.c in the BER dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n improperly checks an sscanf return value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress\n function in epan/tvbuff_zlib.c in Wireshark 1.12.x\n before 1.12.9 and 2.0.x before 2.0.1 allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the frame pointer, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in\n epan/crypt/airpdcap.c in the 802.11 dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationship between the total\n length and the capture length, which allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey\n function in epan/crypt/airpdcap.c in the 802.11\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not verify the WPA broadcast key\n length, which allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted packet.\n\n - CVE-2015-8725: The\n dissect_diameter_base_framed_ipv6_prefix function in\n epan/dissectors/packet-diameter.c in the DIAMETER\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the IPv6 prefix length,\n which allows remote attackers to cause a denial of\n service (stack-based buffer overflow and application\n crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser\n in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate certain signature and Modulation and\n Coding Scheme (MCS) data, which allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in\n epan/dissectors/packet-rsvp.c in the RSVP dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not properly maintain request-key data, which\n allows remote attackers to cause a denial of service\n (use-after-free and application crash) via a crafted\n packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1)\n epan/dissectors/packet-ansi_a.c in the ANSI A dissector\n and (2) epan/dissectors/packet-gsm_a_common.c in the GSM\n A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 improperly uses the\n tvb_bcd_dig_to_wmem_packet_str function, which allows\n remote attackers to cause a denial of service (buffer\n overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in\n wiretap/ascendtext.c in the Ascend file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not ensure the presence of a '\\0' character at the\n end of a date string, which allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the number of items,\n which allows remote attackers to cause a denial of\n service (invalid read operation and application crash)\n via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in\n epan/dissectors/packet-rsl.c in the RSL dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not reject unknown TLV types, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp\n function in epan/dissectors/packet-zbee-zcl-general.c in\n the ZigBee ZCL dissector in Wireshark 1.12.x before\n 1.12.9 and 2.0.x before 2.0.1 does not validate the\n Total Profile Number field, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in\n wiretap/ngsniffer.c in the Sniffer file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationships between record\n lengths and record header lengths, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted file.", "edition": 19, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2016-01-11T00:00:00", "title": "openSUSE Security Update : wireshark (openSUSE-2016-12)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2015-8712", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8711", "CVE-2015-8718"], "modified": "2016-01-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo", "p-cpe:/a:novell:opensuse:wireshark", "p-cpe:/a:novell:opensuse:wireshark-devel", "p-cpe:/a:novell:opensuse:wireshark-ui-qt", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:wireshark-debugsource", "p-cpe:/a:novell:opensuse:wireshark-ui-gtk", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo", "p-cpe:/a:novell:opensuse:wireshark-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-12.NASL", "href": "https://www.tenable.com/plugins/nessus/87833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-12.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87833);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n\n script_name(english:\"openSUSE Security Update : wireshark (openSUSE-2016-12)\");\n script_summary(english:\"Check for the openSUSE-2016-12 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Wireshark was updated to 1.12.9 to fix a number of crashes in protocol\ndissectors. [boo#960382]\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate conversation data, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function\n in epan/dissectors/packet-umts_fp.c in the UMTS FP\n dissector in Wireshark 1.12.x before 1.12.9 does not\n validate the number of PDUs, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the\n UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does\n not properly reserve memory for channel ID mappings,\n which allows remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in\n epan/dissectors/packet-dcom.c in the DCOM dissector in\n Wireshark 1.12.x before 1.12.9 does not initialize a\n certain IPv4 data structure, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the\n AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does\n not check for empty arguments, which allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in\n epan/dissectors/packet-t38.c in the T.38 dissector in\n Wireshark 1.12.x before 1.12.9 does not ensure that a\n conversation exists, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in\n epan/dissectors/packet-sdp.c in the SDP dissector in\n Wireshark 1.12.x before 1.12.9 does not prevent use of a\n negative media count, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in\n epan/dissectors/packet-nlm.c in the NLM dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\n when the 'Match MSG/RES packets for async NLM' option is\n enabled, allows remote attackers to cause a denial of\n service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in\n epan/dissectors/packet-dns.c in the DNS dissector in\n Wireshark 1.12.x before 1.12.9 mishandles the EDNS0\n Client Subnet option, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function\n in epan/dissectors/packet-ber.c in the BER dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n improperly checks an sscanf return value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress\n function in epan/tvbuff_zlib.c in Wireshark 1.12.x\n before 1.12.9 and 2.0.x before 2.0.1 allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the frame pointer, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in\n epan/crypt/airpdcap.c in the 802.11 dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationship between the total\n length and the capture length, which allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey\n function in epan/crypt/airpdcap.c in the 802.11\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not verify the WPA broadcast key\n length, which allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted packet.\n\n - CVE-2015-8725: The\n dissect_diameter_base_framed_ipv6_prefix function in\n epan/dissectors/packet-diameter.c in the DIAMETER\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the IPv6 prefix length,\n which allows remote attackers to cause a denial of\n service (stack-based buffer overflow and application\n crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser\n in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate certain signature and Modulation and\n Coding Scheme (MCS) data, which allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in\n epan/dissectors/packet-rsvp.c in the RSVP dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not properly maintain request-key data, which\n allows remote attackers to cause a denial of service\n (use-after-free and application crash) via a crafted\n packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1)\n epan/dissectors/packet-ansi_a.c in the ANSI A dissector\n and (2) epan/dissectors/packet-gsm_a_common.c in the GSM\n A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 improperly uses the\n tvb_bcd_dig_to_wmem_packet_str function, which allows\n remote attackers to cause a denial of service (buffer\n overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in\n wiretap/ascendtext.c in the Ascend file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not ensure the presence of a '\\0' character at the\n end of a date string, which allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the number of items,\n which allows remote attackers to cause a denial of\n service (invalid read operation and application crash)\n via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in\n epan/dissectors/packet-rsl.c in the RSL dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not reject unknown TLV types, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp\n function in epan/dissectors/packet-zbee-zcl-general.c in\n the ZigBee ZCL dissector in Wireshark 1.12.x before\n 1.12.9 and 2.0.x before 2.0.1 does not validate the\n Total Profile Number field, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in\n wiretap/ngsniffer.c in the Sniffer file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationships between record\n lengths and record header lengths, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960382\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected wireshark packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-gtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:wireshark-ui-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-debuginfo-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-debugsource-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-devel-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-ui-gtk-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-ui-gtk-debuginfo-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-ui-qt-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"wireshark-ui-qt-debuginfo-1.12.9-47.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-debuginfo-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-debugsource-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-devel-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-gtk-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-gtk-debuginfo-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-qt-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"wireshark-ui-qt-debuginfo-1.12.9-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-debuginfo-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-debugsource-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-devel-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-ui-gtk-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-ui-gtk-debuginfo-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-ui-qt-1.12.9-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"wireshark-ui-qt-debuginfo-1.12.9-14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark / wireshark-debuginfo / wireshark-debugsource / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:23:25", "description": "This update contains Wireshark 1.12.9 and fixes the following issues :\n\n - CVE-2015-7830: pcapng file parser could crash while\n copying an interface filter (bsc#950437)\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate conversation data, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function\n in epan/dissectors/packet-umts_fp.c in the UMTS FP\n dissector in Wireshark 1.12.x before 1.12.9 does not\n validate the number of PDUs, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the\n UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does\n not properly reserve memory for channel ID mappings,\n which allows remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in\n epan/dissectors/packet-dcom.c in the DCOM dissector in\n Wireshark 1.12.x before 1.12.9 does not initialize a\n certain IPv4 data structure, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the\n AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does\n not check for empty arguments, which allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in\n epan/dissectors/packet-t38.c in the T.38 dissector in\n Wireshark 1.12.x before 1.12.9 does not ensure that a\n conversation exists, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in\n epan/dissectors/packet-sdp.c in the SDP dissector in\n Wireshark 1.12.x before 1.12.9 does not prevent use of a\n negative media count, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in\n epan/dissectors/packet-nlm.c in the NLM dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\n when the 'Match MSG/RES packets for async NLM' option is\n enabled, allows remote attackers to cause a denial of\n service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in\n epan/dissectors/packet-dns.c in the DNS dissector in\n Wireshark 1.12.x before 1.12.9 mishandles the EDNS0\n Client Subnet option, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function\n in epan/dissectors/packet-ber.c in the BER dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n improperly checks an sscanf return value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress\n function in epan/tvbuff_zlib.c in Wireshark 1.12.x\n before 1.12.9 and 2.0.x before 2.0.1 allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the frame pointer, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in\n epan/crypt/airpdcap.c in the 802.11 dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationship between the total\n length and the capture length, which allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey\n function in epan/crypt/airpdcap.c in the 802.11\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not verify the WPA broadcast key\n length, which allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted packet.\n\n - CVE-2015-8725: The\n dissect_diameter_base_framed_ipv6_prefix function in\n epan/dissectors/packet-diameter.c in the DIAMETER\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the IPv6 prefix length,\n which allows remote attackers to cause a denial of\n service (stack-based buffer overflow and application\n crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser\n in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate certain signature and Modulation and\n Coding Scheme (MCS) data, which allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in\n epan/dissectors/packet-rsvp.c in the RSVP dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not properly maintain request-key data, which\n allows remote attackers to cause a denial of service\n (use-after-free and application crash) via a crafted\n packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1)\n epan/dissectors/packet-ansi_a.c in the ANSI A dissector\n and (2) epan/dissectors/packet-gsm_a_common.c in the GSM\n A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 improperly uses the\n tvb_bcd_dig_to_wmem_packet_str function, which allows\n remote attackers to cause a denial of service (buffer\n overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in\n wiretap/ascendtext.c in the Ascend file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not ensure the presence of a '\\0' character at the\n end of a date string, which allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the number of items,\n which allows remote attackers to cause a denial of\n service (invalid read operation and application crash)\n via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in\n epan/dissectors/packet-rsl.c in the RSL dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not reject unknown TLV types, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp\n function in epan/dissectors/packet-zbee-zcl-general.c in\n the ZigBee ZCL dissector in Wireshark 1.12.x before\n 1.12.9 and 2.0.x before 2.0.1 does not validate the\n Total Profile Number field, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in\n wiretap/ngsniffer.c in the Sniffer file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationships between record\n lengths and record header lengths, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted file.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2016-01-14T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2016:0109-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-7830", "CVE-2015-8728", "CVE-2015-8712", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8711", "CVE-2015-8718"], "modified": "2016-01-14T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:wireshark-debuginfo", "p-cpe:/a:novell:suse_linux:wireshark-debugsource", "p-cpe:/a:novell:suse_linux:wireshark"], "id": "SUSE_SU-2016-0109-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87911", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0109-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87911);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2016:0109-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains Wireshark 1.12.9 and fixes the following issues :\n\n - CVE-2015-7830: pcapng file parser could crash while\n copying an interface filter (bsc#950437)\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate conversation data, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function\n in epan/dissectors/packet-umts_fp.c in the UMTS FP\n dissector in Wireshark 1.12.x before 1.12.9 does not\n validate the number of PDUs, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the\n UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does\n not properly reserve memory for channel ID mappings,\n which allows remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in\n epan/dissectors/packet-dcom.c in the DCOM dissector in\n Wireshark 1.12.x before 1.12.9 does not initialize a\n certain IPv4 data structure, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the\n AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does\n not check for empty arguments, which allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in\n epan/dissectors/packet-t38.c in the T.38 dissector in\n Wireshark 1.12.x before 1.12.9 does not ensure that a\n conversation exists, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in\n epan/dissectors/packet-sdp.c in the SDP dissector in\n Wireshark 1.12.x before 1.12.9 does not prevent use of a\n negative media count, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in\n epan/dissectors/packet-nlm.c in the NLM dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\n when the 'Match MSG/RES packets for async NLM' option is\n enabled, allows remote attackers to cause a denial of\n service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in\n epan/dissectors/packet-dns.c in the DNS dissector in\n Wireshark 1.12.x before 1.12.9 mishandles the EDNS0\n Client Subnet option, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function\n in epan/dissectors/packet-ber.c in the BER dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n improperly checks an sscanf return value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress\n function in epan/tvbuff_zlib.c in Wireshark 1.12.x\n before 1.12.9 and 2.0.x before 2.0.1 allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the frame pointer, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in\n epan/crypt/airpdcap.c in the 802.11 dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationship between the total\n length and the capture length, which allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey\n function in epan/crypt/airpdcap.c in the 802.11\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not verify the WPA broadcast key\n length, which allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted packet.\n\n - CVE-2015-8725: The\n dissect_diameter_base_framed_ipv6_prefix function in\n epan/dissectors/packet-diameter.c in the DIAMETER\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the IPv6 prefix length,\n which allows remote attackers to cause a denial of\n service (stack-based buffer overflow and application\n crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser\n in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate certain signature and Modulation and\n Coding Scheme (MCS) data, which allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in\n epan/dissectors/packet-rsvp.c in the RSVP dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not properly maintain request-key data, which\n allows remote attackers to cause a denial of service\n (use-after-free and application crash) via a crafted\n packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1)\n epan/dissectors/packet-ansi_a.c in the ANSI A dissector\n and (2) epan/dissectors/packet-gsm_a_common.c in the GSM\n A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 improperly uses the\n tvb_bcd_dig_to_wmem_packet_str function, which allows\n remote attackers to cause a denial of service (buffer\n overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in\n wiretap/ascendtext.c in the Ascend file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not ensure the presence of a '\\0' character at the\n end of a date string, which allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the number of items,\n which allows remote attackers to cause a denial of\n service (invalid read operation and application crash)\n via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in\n epan/dissectors/packet-rsl.c in the RSL dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not reject unknown TLV types, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp\n function in epan/dissectors/packet-zbee-zcl-general.c in\n the ZigBee ZCL dissector in Wireshark 1.12.x before\n 1.12.9 and 2.0.x before 2.0.1 does not validate the\n Total Profile Number field, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in\n wiretap/ngsniffer.c in the Sniffer file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationships between record\n lengths and record header lengths, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted file.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8711/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8712/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8714/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8716/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8717/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8718/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8719/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8720/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8721/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8722/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8724/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8725/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8726/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8727/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8733/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160109-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c2a469e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-76=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-76=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-76=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-76=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-76=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-76=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wireshark-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wireshark-debuginfo-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"wireshark-debugsource-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wireshark-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wireshark-debuginfo-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"wireshark-debugsource-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"wireshark-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"wireshark-debuginfo-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"wireshark-debugsource-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"wireshark-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"wireshark-debuginfo-1.12.9-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"wireshark-debugsource-1.12.9-22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:23:25", "description": "This update contains Wireshark 1.12.9 and fixes the following issues :\n\n - CVE-2015-7830: pcapng file parser could crash while\n copying an interface filter (bsc#950437)\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate conversation data, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function\n in epan/dissectors/packet-umts_fp.c in the UMTS FP\n dissector in Wireshark 1.12.x before 1.12.9 does not\n validate the number of PDUs, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the\n UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does\n not properly reserve memory for channel ID mappings,\n which allows remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in\n epan/dissectors/packet-dcom.c in the DCOM dissector in\n Wireshark 1.12.x before 1.12.9 does not initialize a\n certain IPv4 data structure, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the\n AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does\n not check for empty arguments, which allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in\n epan/dissectors/packet-t38.c in the T.38 dissector in\n Wireshark 1.12.x before 1.12.9 does not ensure that a\n conversation exists, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in\n epan/dissectors/packet-sdp.c in the SDP dissector in\n Wireshark 1.12.x before 1.12.9 does not prevent use of a\n negative media count, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in\n epan/dissectors/packet-nlm.c in the NLM dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\n when the 'Match MSG/RES packets for async NLM' option is\n enabled, allows remote attackers to cause a denial of\n service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in\n epan/dissectors/packet-dns.c in the DNS dissector in\n Wireshark 1.12.x before 1.12.9 mishandles the EDNS0\n Client Subnet option, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function\n in epan/dissectors/packet-ber.c in the BER dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n improperly checks an sscanf return value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress\n function in epan/tvbuff_zlib.c in Wireshark 1.12.x\n before 1.12.9 and 2.0.x before 2.0.1 allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the frame pointer, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in\n epan/crypt/airpdcap.c in the 802.11 dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationship between the total\n length and the capture length, which allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey\n function in epan/crypt/airpdcap.c in the 802.11\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not verify the WPA broadcast key\n length, which allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted packet.\n\n - CVE-2015-8725: The\n dissect_diameter_base_framed_ipv6_prefix function in\n epan/dissectors/packet-diameter.c in the DIAMETER\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the IPv6 prefix length,\n which allows remote attackers to cause a denial of\n service (stack-based buffer overflow and application\n crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser\n in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate certain signature and Modulation and\n Coding Scheme (MCS) data, which allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in\n epan/dissectors/packet-rsvp.c in the RSVP dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not properly maintain request-key data, which\n allows remote attackers to cause a denial of service\n (use-after-free and application crash) via a crafted\n packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1)\n epan/dissectors/packet-ansi_a.c in the ANSI A dissector\n and (2) epan/dissectors/packet-gsm_a_common.c in the GSM\n A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 improperly uses the\n tvb_bcd_dig_to_wmem_packet_str function, which allows\n remote attackers to cause a denial of service (buffer\n overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in\n wiretap/ascendtext.c in the Ascend file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not ensure the presence of a '\\0' character at the\n end of a date string, which allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the number of items,\n which allows remote attackers to cause a denial of\n service (invalid read operation and application crash)\n via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in\n epan/dissectors/packet-rsl.c in the RSL dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not reject unknown TLV types, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp\n function in epan/dissectors/packet-zbee-zcl-general.c in\n the ZigBee ZCL dissector in Wireshark 1.12.x before\n 1.12.9 and 2.0.x before 2.0.1 does not validate the\n Total Profile Number field, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in\n wiretap/ngsniffer.c in the Sniffer file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationships between record\n lengths and record header lengths, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted file.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2016-01-14T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : wireshark (SUSE-SU-2016:0110-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8724", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-7830", "CVE-2015-8728", "CVE-2015-8712", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8711", "CVE-2015-8718"], "modified": "2016-01-14T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:wireshark"], "id": "SUSE_SU-2016-0110-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0110-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87912);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-7830\", \"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : wireshark (SUSE-SU-2016:0110-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains Wireshark 1.12.9 and fixes the following issues :\n\n - CVE-2015-7830: pcapng file parser could crash while\n copying an interface filter (bsc#950437)\n\n - CVE-2015-8711: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate conversation data, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8712: The dissect_hsdsch_channel_info function\n in epan/dissectors/packet-umts_fp.c in the UMTS FP\n dissector in Wireshark 1.12.x before 1.12.9 does not\n validate the number of PDUs, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8713: epan/dissectors/packet-umts_fp.c in the\n UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does\n not properly reserve memory for channel ID mappings,\n which allows remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted packet.\n\n - CVE-2015-8714: The dissect_dcom_OBJREF function in\n epan/dissectors/packet-dcom.c in the DCOM dissector in\n Wireshark 1.12.x before 1.12.9 does not initialize a\n certain IPv4 data structure, which allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet.\n\n - CVE-2015-8715: epan/dissectors/packet-alljoyn.c in the\n AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does\n not check for empty arguments, which allows remote\n attackers to cause a denial of service (infinite loop)\n via a crafted packet.\n\n - CVE-2015-8716: The init_t38_info_conv function in\n epan/dissectors/packet-t38.c in the T.38 dissector in\n Wireshark 1.12.x before 1.12.9 does not ensure that a\n conversation exists, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8717: The dissect_sdp function in\n epan/dissectors/packet-sdp.c in the SDP dissector in\n Wireshark 1.12.x before 1.12.9 does not prevent use of a\n negative media count, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8718: Double free vulnerability in\n epan/dissectors/packet-nlm.c in the NLM dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\n when the 'Match MSG/RES packets for async NLM' option is\n enabled, allows remote attackers to cause a denial of\n service (application crash) via a crafted packet.\n\n - CVE-2015-8719: The dissect_dns_answer function in\n epan/dissectors/packet-dns.c in the DNS dissector in\n Wireshark 1.12.x before 1.12.9 mishandles the EDNS0\n Client Subnet option, which allows remote attackers to\n cause a denial of service (application crash) via a\n crafted packet.\n\n - CVE-2015-8720: The dissect_ber_GeneralizedTime function\n in epan/dissectors/packet-ber.c in the BER dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n improperly checks an sscanf return value, which allows\n remote attackers to cause a denial of service\n (application crash) via a crafted packet.\n\n - CVE-2015-8721: Buffer overflow in the tvb_uncompress\n function in epan/tvbuff_zlib.c in Wireshark 1.12.x\n before 1.12.9 and 2.0.x before 2.0.1 allows remote\n attackers to cause a denial of service (application\n crash) via a crafted packet with zlib compression.\n\n - CVE-2015-8722: epan/dissectors/packet-sctp.c in the SCTP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the frame pointer, which\n allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) via a\n crafted packet.\n\n - CVE-2015-8723: The AirPDcapPacketProcess function in\n epan/crypt/airpdcap.c in the 802.11 dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationship between the total\n length and the capture length, which allows remote\n attackers to cause a denial of service (stack-based\n buffer overflow and application crash) via a crafted\n\n - CVE-2015-8724: The AirPDcapDecryptWPABroadcastKey\n function in epan/crypt/airpdcap.c in the 802.11\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not verify the WPA broadcast key\n length, which allows remote attackers to cause a denial\n of service (out-of-bounds read and application crash)\n via a crafted packet.\n\n - CVE-2015-8725: The\n dissect_diameter_base_framed_ipv6_prefix function in\n epan/dissectors/packet-diameter.c in the DIAMETER\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the IPv6 prefix length,\n which allows remote attackers to cause a denial of\n service (stack-based buffer overflow and application\n crash) via a crafted packet.\n\n - CVE-2015-8726: wiretap/vwr.c in the VeriWave file parser\n in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate certain signature and Modulation and\n Coding Scheme (MCS) data, which allows remote attackers\n to cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8727: The dissect_rsvp_common function in\n epan/dissectors/packet-rsvp.c in the RSVP dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not properly maintain request-key data, which\n allows remote attackers to cause a denial of service\n (use-after-free and application crash) via a crafted\n packet.\n\n - CVE-2015-8728: The Mobile Identity parser in (1)\n epan/dissectors/packet-ansi_a.c in the ANSI A dissector\n and (2) epan/dissectors/packet-gsm_a_common.c in the GSM\n A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 improperly uses the\n tvb_bcd_dig_to_wmem_packet_str function, which allows\n remote attackers to cause a denial of service (buffer\n overflow and application crash) via a crafted packet.\n\n - CVE-2015-8729: The ascend_seek function in\n wiretap/ascendtext.c in the Ascend file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not ensure the presence of a '\\0' character at the\n end of a date string, which allows remote attackers to\n cause a denial of service (out-of-bounds read and\n application crash) via a crafted file.\n\n - CVE-2015-8730: epan/dissectors/packet-nbap.c in the NBAP\n dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\n before 2.0.1 does not validate the number of items,\n which allows remote attackers to cause a denial of\n service (invalid read operation and application crash)\n via a crafted packet.\n\n - CVE-2015-8731: The dissct_rsl_ipaccess_msg function in\n epan/dissectors/packet-rsl.c in the RSL dissector in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not reject unknown TLV types, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp\n function in epan/dissectors/packet-zbee-zcl-general.c in\n the ZigBee ZCL dissector in Wireshark 1.12.x before\n 1.12.9 and 2.0.x before 2.0.1 does not validate the\n Total Profile Number field, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted packet.\n\n - CVE-2015-8733: The ngsniffer_process_record function in\n wiretap/ngsniffer.c in the Sniffer file parser in\n Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1\n does not validate the relationships between record\n lengths and record header lengths, which allows remote\n attackers to cause a denial of service (out-of-bounds\n read and application crash) via a crafted file.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7830/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8711/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8712/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8714/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8716/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8717/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8718/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8719/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8720/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8721/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8722/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8724/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8725/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8726/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8727/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8733/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160110-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c9cb4d7d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-wireshark-12322=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-wireshark-12322=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-wireshark-12322=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-wireshark-12322=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-wireshark-12322=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-wireshark-12322=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-wireshark-12322=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-wireshark-12322=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-wireshark-12322=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"wireshark-1.12.9-0.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"wireshark\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-03-01T07:50:10", "description": "The version of Wireshark installed on the remote Windows host is\n2.0.0. It is, therefore, affected by multiple denial of service\nvulnerabilities in the following components :\n\n - 802.11 dissector\n - ANSI A dissector\n - Ascend file parser\n - BER dissector\n - Bluetooth Attribute dissector\n - DIAMETER dissector\n - GSM A dissector\n - IPMI dissector\n - MP2T file parser\n - MS-WSP dissector\n - NBAP dissector\n - NLM dissector\n - NWP dissector\n - PPI dissector\n - RSL dissector\n - RSVP dissector\n - S7COMM dissector\n - SCTP dissector\n - Sniffer file parser\n - TDS dissector\n - VeriWave file parser\n - ZigBee ZCL dissector\n - zlib compression\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 28, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2016-01-08T00:00:00", "title": "Wireshark 2.0.0 Multiple DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8741", "CVE-2015-8730", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8736", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2015-8732", "CVE-2015-8734", "CVE-2015-8711", "CVE-2015-8740", "CVE-2015-8718"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:wireshark:wireshark"], "id": "WIRESHARK_2_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/87825", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87825);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-8711\",\n \"CVE-2015-8718\",\n \"CVE-2015-8720\",\n \"CVE-2015-8721\",\n \"CVE-2015-8722\",\n \"CVE-2015-8723\",\n \"CVE-2015-8724\",\n \"CVE-2015-8725\",\n \"CVE-2015-8726\",\n \"CVE-2015-8727\",\n \"CVE-2015-8728\",\n \"CVE-2015-8729\",\n \"CVE-2015-8730\",\n \"CVE-2015-8731\",\n \"CVE-2015-8732\",\n \"CVE-2015-8733\",\n \"CVE-2015-8734\",\n \"CVE-2015-8735\",\n \"CVE-2015-8736\",\n \"CVE-2015-8737\",\n \"CVE-2015-8738\",\n \"CVE-2015-8739\",\n \"CVE-2015-8740\",\n \"CVE-2015-8741\",\n \"CVE-2015-8742\"\n );\n script_xref(name:\"EDB-ID\", value:\"38993\");\n script_xref(name:\"EDB-ID\", value:\"38994\");\n script_xref(name:\"EDB-ID\", value:\"38995\");\n script_xref(name:\"EDB-ID\", value:\"38996\");\n script_xref(name:\"EDB-ID\", value:\"38997\");\n script_xref(name:\"EDB-ID\", value:\"38998\");\n script_xref(name:\"EDB-ID\", value:\"38999\");\n script_xref(name:\"EDB-ID\", value:\"39000\");\n script_xref(name:\"EDB-ID\", value:\"39001\");\n script_xref(name:\"EDB-ID\", value:\"39002\");\n script_xref(name:\"EDB-ID\", value:\"39003\");\n script_xref(name:\"EDB-ID\", value:\"39004\");\n script_xref(name:\"EDB-ID\", value:\"39005\");\n script_xref(name:\"EDB-ID\", value:\"39006\");\n script_xref(name:\"EDB-ID\", value:\"39076\");\n script_xref(name:\"EDB-ID\", value:\"39077\");\n\n script_name(english:\"Wireshark 2.0.0 Multiple DoS\");\n script_summary(english:\"Checks the version of Wireshark.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Wireshark installed on the remote Windows host is\n2.0.0. It is, therefore, affected by multiple denial of service\nvulnerabilities in the following components :\n\n - 802.11 dissector\n - ANSI A dissector\n - Ascend file parser\n - BER dissector\n - Bluetooth Attribute dissector\n - DIAMETER dissector\n - GSM A dissector\n - IPMI dissector\n - MP2T file parser\n - MS-WSP dissector\n - NBAP dissector\n - NLM dissector\n - NWP dissector\n - PPI dissector\n - RSL dissector\n - RSVP dissector\n - S7COMM dissector\n - SCTP dissector\n - Sniffer file parser\n - TDS dissector\n - VeriWave file parser\n - ZigBee ZCL dissector\n - zlib compression\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Wireshark version 2.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wireshark:wireshark\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wireshark_installed.nasl\");\n script_require_keys(\"installed_sw/Wireshark\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"Wireshark\";\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\n# Affected :\n# 2.0.0 < 2.0.1\nif (version !~ \"^2\\.0\\.0($|[^0-9])\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.1' +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T11:05:05", "description": "The remote host is affected by the vulnerability described in GLSA-201604-05\n(Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause Denial of Service and local attackers could\n escalate privileges.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-04-27T00:00:00", "title": "GLSA-201604-05 : Wireshark: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8741", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2016-2531", "CVE-2015-8722", "CVE-2016-2527", "CVE-2016-2530", "CVE-2016-2524", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8736", "CVE-2015-8726", "CVE-2016-2521", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2016-2529", "CVE-2015-8723", "CVE-2015-8720", "CVE-2016-2528", "CVE-2016-2526", "CVE-2015-8725", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2016-2532", "CVE-2015-8712", "CVE-2016-2523", "CVE-2016-2525", "CVE-2016-2522", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8734", "CVE-2015-8711", "CVE-2015-8740", "CVE-2015-8718"], "modified": "2016-04-27T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:wireshark"], "id": "GENTOO_GLSA-201604-05.NASL", "href": "https://www.tenable.com/plugins/nessus/90744", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201604-05.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90744);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8711\", \"CVE-2015-8712\", \"CVE-2015-8713\", \"CVE-2015-8714\", \"CVE-2015-8715\", \"CVE-2015-8716\", \"CVE-2015-8717\", \"CVE-2015-8718\", \"CVE-2015-8719\", \"CVE-2015-8720\", \"CVE-2015-8721\", \"CVE-2015-8722\", \"CVE-2015-8723\", \"CVE-2015-8724\", \"CVE-2015-8725\", \"CVE-2015-8726\", \"CVE-2015-8727\", \"CVE-2015-8728\", \"CVE-2015-8729\", \"CVE-2015-8730\", \"CVE-2015-8731\", \"CVE-2015-8732\", \"CVE-2015-8733\", \"CVE-2015-8734\", \"CVE-2015-8735\", \"CVE-2015-8736\", \"CVE-2015-8737\", \"CVE-2015-8738\", \"CVE-2015-8739\", \"CVE-2015-8740\", \"CVE-2015-8741\", \"CVE-2015-8742\", \"CVE-2016-2521\", \"CVE-2016-2522\", \"CVE-2016-2523\", \"CVE-2016-2524\", \"CVE-2016-2525\", \"CVE-2016-2526\", \"CVE-2016-2527\", \"CVE-2016-2528\", \"CVE-2016-2529\", \"CVE-2016-2530\", \"CVE-2016-2531\", \"CVE-2016-2532\");\n script_xref(name:\"GLSA\", value:\"201604-05\");\n\n script_name(english:\"GLSA-201604-05 : Wireshark: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201604-05\n(Wireshark: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Wireshark. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could cause Denial of Service and local attackers could\n escalate privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201604-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Wireshark users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-2.0.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:wireshark\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/wireshark\", unaffected:make_list(\"ge 2.0.2\"), vulnerable:make_list(\"lt 2.0.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Wireshark\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8741", "CVE-2015-8730", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8736", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2015-8732", "CVE-2015-8734", "CVE-2015-8711", "CVE-2015-8740", "CVE-2015-8718"], "description": "- CVE-2015-8742 (denial of service)\nThe dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c\nin the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not\nvalidate the column size, which allows remote attackers to cause a\ndenial of service (memory consumption or application crash) via a\ncrafted packet.\n\n- CVE-2015-8741 (denial of service)\nThe dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI\ndissector in Wireshark 2.0.x before 2.0.1 does not initialize a\npacket-header data structure, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\n- CVE-2015-8740 (denial of service)\nThe dissect_tds7_colmetadata_token function in\nepan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x\nbefore 2.0.1 does not validate the number of columns, which allows\nremote attackers to cause a denial of service (stack-based buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8738 (denial of service)\nThe s7comm_decode_ud_cpu_szl_subfunc function in\nepan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in\nWireshark 2.0.x before 2.0.1 does not validate the list count in an\nSZL response, which allows remote attackers to cause a denial of\nservice (divide-by-zero error and application crash) via a crafted\npacket.\n\n- CVE-2015-8739 (denial of service)\nThe ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the\nIPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to\naccess a packet scope, which allows remote attackers to cause a denial\nof service (assertion failure and application exit) via a crafted\npacket.\n\n- CVE-2015-8737 (denial of service)\nThe mp2t_open function in wiretap/mp2t.c in the MP2T file parser in\nWireshark 2.0.x before 2.0.1 does not validate the bit rate, which\nallows remote attackers to cause a denial of service (divide-by-zero\nerror and application crash) via a crafted file.\n\n- CVE-2015-8736 (denial of service)\nThe mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file\nparser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a\ntrailer, which allows remote attackers to cause a denial of service\n(stack-based buffer overflow and application crash) via a crafted\nfile.\n\n- CVE-2015-8735 (denial of service)\nThe get_value function in epan/dissectors/packet-btatt.c in the\nBluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before\n2.0.1 uses an incorrect integer data type, which allows remote\nattackers to cause a denial of service (invalid write operation and\napplication crash) via a crafted packet.\n\n- CVE-2015-8734 (denial of service)\nThe dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP\ndissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\n- CVE-2015-8733 (denial of service)\nThe ngsniffer_process_record function in wiretap/ngsniffer.c in the\nSniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationships between record lengths and\nrecord header lengths, which allows remote attackers to cause a denial\nof service (out-of-bounds read and application crash) via a crafted\nfile.\n\n- CVE-2015-8732 (denial of service)\nThe dissect_zcl_pwr_prof_pwrprofstatersp function in\nepan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the Total Profile Number field, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted packet.\n\n- CVE-2015-8730 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nnumber of items, which allows remote attackers to cause a denial of\nservice (invalid read operation and application crash) via a crafted\npacket.\n\n- CVE-2015-8731 (denial of service)\nThe dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c\nin the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not reject unknown TLV types, which allows remote\nattackers to cause a denial of service (out-of-bounds read and\napplication crash) via a crafted packet.\n\n- CVE-2015-8729 (denial of service)\nThe ascend_seek function in wiretap/ascendtext.c in the Ascend file\nparser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does\nnot ensure the presence of a '\\0' character at the end of a date\nstring, which allows remote attackers to cause a denial of service\n(out-of-bounds read and application crash) via a crafted file.\n\n- CVE-2015-8728 (denial of service)\nThe Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in\nthe ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in\nthe GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function,\nwhich allows remote attackers to cause a denial of service (buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8727 (denial of service)\nThe dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in\nthe RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not properly maintain request-key data, which allows remote\nattackers to cause a denial of service (use-after-free and application\ncrash) via a crafted packet\n\n- CVE-2015-8726 (denial of service)\nwiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before\n1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and\nModulation and Coding Scheme (MCS) data, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted file.\n\n- CVE-2015-8725 (denial of service)\nThe dissect_diameter_base_framed_ipv6_prefix function in\nepan/dissectors/packet-diameter.c in the DIAMETER dissector in\nWireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the IPv6 prefix length, which allows remote attackers to\ncause a denial of service (stack-based buffer overflow and application\ncrash) via a crafted packet.\n\n- CVE-2015-8724 (denial of service)\nThe AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c\nin the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not verify the WPA broadcast key length, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread and application crash) via a crafted packet.\n\n- CVE-2015-8723 (denial of service)\nThe AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the\n802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationship between the total length and\nthe capture length, which allows remote attackers to cause a denial of\nservice (stack-based buffer overflow and application crash) via a\ncrafted packet.\n\n- CVE-2015-8722 (denial of service)\nepan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nframe pointer, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.\n\n- CVE-2015-8721 (denial of service)\nBuffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet with zlib compression.\n\n- CVE-2015-8720 (denial of service)\nThe dissect_ber_GeneralizedTime function in\nepan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf\nreturn value, which allows remote attackers to cause a denial of\nservice (application crash) via a crafted packet.\n\n- CVE-2015-8718 (denial of service)\nDouble free vulnerability in epan/dissectors/packet-nlm.c in the NLM\ndissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\nwhen the "Match MSG/RES packets for async NLM" option is enabled,\nallows remote attackers to cause a denial of service (application\ncrash) via a crafted packet.\n\n- CVE-2015-8711 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate\nconversation data, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.", "modified": "2016-01-09T00:00:00", "published": "2016-01-09T00:00:00", "id": "ASA-201601-5", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html", "type": "archlinux", "title": "wireshark-gtk: denial of service", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8741", "CVE-2015-8730", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8736", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2015-8732", "CVE-2015-8734", "CVE-2015-8711", "CVE-2015-8740", "CVE-2015-8718"], "description": "- CVE-2015-8742 (denial of service)\nThe dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c\nin the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not\nvalidate the column size, which allows remote attackers to cause a\ndenial of service (memory consumption or application crash) via a\ncrafted packet.\n\n- CVE-2015-8741 (denial of service)\nThe dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI\ndissector in Wireshark 2.0.x before 2.0.1 does not initialize a\npacket-header data structure, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\n- CVE-2015-8740 (denial of service)\nThe dissect_tds7_colmetadata_token function in\nepan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x\nbefore 2.0.1 does not validate the number of columns, which allows\nremote attackers to cause a denial of service (stack-based buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8738 (denial of service)\nThe s7comm_decode_ud_cpu_szl_subfunc function in\nepan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in\nWireshark 2.0.x before 2.0.1 does not validate the list count in an\nSZL response, which allows remote attackers to cause a denial of\nservice (divide-by-zero error and application crash) via a crafted\npacket.\n\n- CVE-2015-8739 (denial of service)\nThe ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the\nIPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to\naccess a packet scope, which allows remote attackers to cause a denial\nof service (assertion failure and application exit) via a crafted\npacket.\n\n- CVE-2015-8737 (denial of service)\nThe mp2t_open function in wiretap/mp2t.c in the MP2T file parser in\nWireshark 2.0.x before 2.0.1 does not validate the bit rate, which\nallows remote attackers to cause a denial of service (divide-by-zero\nerror and application crash) via a crafted file.\n\n- CVE-2015-8736 (denial of service)\nThe mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file\nparser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a\ntrailer, which allows remote attackers to cause a denial of service\n(stack-based buffer overflow and application crash) via a crafted\nfile.\n\n- CVE-2015-8735 (denial of service)\nThe get_value function in epan/dissectors/packet-btatt.c in the\nBluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before\n2.0.1 uses an incorrect integer data type, which allows remote\nattackers to cause a denial of service (invalid write operation and\napplication crash) via a crafted packet.\n\n- CVE-2015-8734 (denial of service)\nThe dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP\ndissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\n- CVE-2015-8733 (denial of service)\nThe ngsniffer_process_record function in wiretap/ngsniffer.c in the\nSniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationships between record lengths and\nrecord header lengths, which allows remote attackers to cause a denial\nof service (out-of-bounds read and application crash) via a crafted\nfile.\n\n- CVE-2015-8732 (denial of service)\nThe dissect_zcl_pwr_prof_pwrprofstatersp function in\nepan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the Total Profile Number field, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted packet.\n\n- CVE-2015-8730 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nnumber of items, which allows remote attackers to cause a denial of\nservice (invalid read operation and application crash) via a crafted\npacket.\n\n- CVE-2015-8731 (denial of service)\nThe dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c\nin the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not reject unknown TLV types, which allows remote\nattackers to cause a denial of service (out-of-bounds read and\napplication crash) via a crafted packet.\n\n- CVE-2015-8729 (denial of service)\nThe ascend_seek function in wiretap/ascendtext.c in the Ascend file\nparser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does\nnot ensure the presence of a '\\0' character at the end of a date\nstring, which allows remote attackers to cause a denial of service\n(out-of-bounds read and application crash) via a crafted file.\n\n- CVE-2015-8728 (denial of service)\nThe Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in\nthe ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in\nthe GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function,\nwhich allows remote attackers to cause a denial of service (buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8727 (denial of service)\nThe dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in\nthe RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not properly maintain request-key data, which allows remote\nattackers to cause a denial of service (use-after-free and application\ncrash) via a crafted packet\n\n- CVE-2015-8726 (denial of service)\nwiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before\n1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and\nModulation and Coding Scheme (MCS) data, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted file.\n\n- CVE-2015-8725 (denial of service)\nThe dissect_diameter_base_framed_ipv6_prefix function in\nepan/dissectors/packet-diameter.c in the DIAMETER dissector in\nWireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the IPv6 prefix length, which allows remote attackers to\ncause a denial of service (stack-based buffer overflow and application\ncrash) via a crafted packet.\n\n- CVE-2015-8724 (denial of service)\nThe AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c\nin the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not verify the WPA broadcast key length, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread and application crash) via a crafted packet.\n\n- CVE-2015-8723 (denial of service)\nThe AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the\n802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationship between the total length and\nthe capture length, which allows remote attackers to cause a denial of\nservice (stack-based buffer overflow and application crash) via a\ncrafted packet.\n\n- CVE-2015-8722 (denial of service)\nepan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nframe pointer, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.\n\n- CVE-2015-8721 (denial of service)\nBuffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet with zlib compression.\n\n- CVE-2015-8720 (denial of service)\nThe dissect_ber_GeneralizedTime function in\nepan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf\nreturn value, which allows remote attackers to cause a denial of\nservice (application crash) via a crafted packet.\n\n- CVE-2015-8718 (denial of service)\nDouble free vulnerability in epan/dissectors/packet-nlm.c in the NLM\ndissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\nwhen the "Match MSG/RES packets for async NLM" option is enabled,\nallows remote attackers to cause a denial of service (application\ncrash) via a crafted packet.\n\n- CVE-2015-8711 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate\nconversation data, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.", "modified": "2016-01-09T00:00:00", "published": "2016-01-09T00:00:00", "id": "ASA-201601-6", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html", "type": "archlinux", "title": "wireshark-qt: denial of service", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8741", "CVE-2015-8730", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8736", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2015-8732", "CVE-2015-8734", "CVE-2015-8711", "CVE-2015-8740", "CVE-2015-8718"], "description": "- CVE-2015-8742 (denial of service)\nThe dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c\nin the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not\nvalidate the column size, which allows remote attackers to cause a\ndenial of service (memory consumption or application crash) via a\ncrafted packet.\n\n- CVE-2015-8741 (denial of service)\nThe dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI\ndissector in Wireshark 2.0.x before 2.0.1 does not initialize a\npacket-header data structure, which allows remote attackers to cause a\ndenial of service (application crash) via a crafted packet.\n\n- CVE-2015-8740 (denial of service)\nThe dissect_tds7_colmetadata_token function in\nepan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x\nbefore 2.0.1 does not validate the number of columns, which allows\nremote attackers to cause a denial of service (stack-based buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8738 (denial of service)\nThe s7comm_decode_ud_cpu_szl_subfunc function in\nepan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in\nWireshark 2.0.x before 2.0.1 does not validate the list count in an\nSZL response, which allows remote attackers to cause a denial of\nservice (divide-by-zero error and application crash) via a crafted\npacket.\n\n- CVE-2015-8739 (denial of service)\nThe ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the\nIPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to\naccess a packet scope, which allows remote attackers to cause a denial\nof service (assertion failure and application exit) via a crafted\npacket.\n\n- CVE-2015-8737 (denial of service)\nThe mp2t_open function in wiretap/mp2t.c in the MP2T file parser in\nWireshark 2.0.x before 2.0.1 does not validate the bit rate, which\nallows remote attackers to cause a denial of service (divide-by-zero\nerror and application crash) via a crafted file.\n\n- CVE-2015-8736 (denial of service)\nThe mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file\nparser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a\ntrailer, which allows remote attackers to cause a denial of service\n(stack-based buffer overflow and application crash) via a crafted\nfile.\n\n- CVE-2015-8735 (denial of service)\nThe get_value function in epan/dissectors/packet-btatt.c in the\nBluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before\n2.0.1 uses an incorrect integer data type, which allows remote\nattackers to cause a denial of service (invalid write operation and\napplication crash) via a crafted packet.\n\n- CVE-2015-8734 (denial of service)\nThe dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP\ndissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type,\nwhich allows remote attackers to cause a denial of service\n(application crash) via a crafted packet.\n\n- CVE-2015-8733 (denial of service)\nThe ngsniffer_process_record function in wiretap/ngsniffer.c in the\nSniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationships between record lengths and\nrecord header lengths, which allows remote attackers to cause a denial\nof service (out-of-bounds read and application crash) via a crafted\nfile.\n\n- CVE-2015-8732 (denial of service)\nThe dissect_zcl_pwr_prof_pwrprofstatersp function in\nepan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the Total Profile Number field, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted packet.\n\n- CVE-2015-8730 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nnumber of items, which allows remote attackers to cause a denial of\nservice (invalid read operation and application crash) via a crafted\npacket.\n\n- CVE-2015-8731 (denial of service)\nThe dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c\nin the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not reject unknown TLV types, which allows remote\nattackers to cause a denial of service (out-of-bounds read and\napplication crash) via a crafted packet.\n\n- CVE-2015-8729 (denial of service)\nThe ascend_seek function in wiretap/ascendtext.c in the Ascend file\nparser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does\nnot ensure the presence of a '\\0' character at the end of a date\nstring, which allows remote attackers to cause a denial of service\n(out-of-bounds read and application crash) via a crafted file.\n\n- CVE-2015-8728 (denial of service)\nThe Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in\nthe ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in\nthe GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function,\nwhich allows remote attackers to cause a denial of service (buffer\noverflow and application crash) via a crafted packet.\n\n- CVE-2015-8727 (denial of service)\nThe dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in\nthe RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not properly maintain request-key data, which allows remote\nattackers to cause a denial of service (use-after-free and application\ncrash) via a crafted packet\n\n- CVE-2015-8726 (denial of service)\nwiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before\n1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and\nModulation and Coding Scheme (MCS) data, which allows remote attackers\nto cause a denial of service (out-of-bounds read and application\ncrash) via a crafted file.\n\n- CVE-2015-8725 (denial of service)\nThe dissect_diameter_base_framed_ipv6_prefix function in\nepan/dissectors/packet-diameter.c in the DIAMETER dissector in\nWireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not\nvalidate the IPv6 prefix length, which allows remote attackers to\ncause a denial of service (stack-based buffer overflow and application\ncrash) via a crafted packet.\n\n- CVE-2015-8724 (denial of service)\nThe AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c\nin the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x\nbefore 2.0.1 does not verify the WPA broadcast key length, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread and application crash) via a crafted packet.\n\n- CVE-2015-8723 (denial of service)\nThe AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the\n802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before\n2.0.1 does not validate the relationship between the total length and\nthe capture length, which allows remote attackers to cause a denial of\nservice (stack-based buffer overflow and application crash) via a\ncrafted packet.\n\n- CVE-2015-8722 (denial of service)\nepan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the\nframe pointer, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.\n\n- CVE-2015-8721 (denial of service)\nBuffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c\nin Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote\nattackers to cause a denial of service (application crash) via a\ncrafted packet with zlib compression.\n\n- CVE-2015-8720 (denial of service)\nThe dissect_ber_GeneralizedTime function in\nepan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x\nbefore 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf\nreturn value, which allows remote attackers to cause a denial of\nservice (application crash) via a crafted packet.\n\n- CVE-2015-8718 (denial of service)\nDouble free vulnerability in epan/dissectors/packet-nlm.c in the NLM\ndissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1,\nwhen the "Match MSG/RES packets for async NLM" option is enabled,\nallows remote attackers to cause a denial of service (application\ncrash) via a crafted packet.\n\n- CVE-2015-8711 (denial of service)\nepan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark\n1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate\nconversation data, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\npacket.", "modified": "2016-01-09T00:00:00", "published": "2016-01-09T00:00:00", "id": "ASA-201601-4", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html", "type": "archlinux", "title": "wireshark-cli: denial of service", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:46:29", "bulletinFamily": "info", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8741", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2015-8722", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8736", "CVE-2015-8726", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2015-8723", "CVE-2015-8720", "CVE-2015-8725", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8734", "CVE-2015-8740", "CVE-2015-8718"], "description": "### *Detect date*:\n01/04/2016\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.\n\n### *Affected products*:\nWireshark 1.12 versions earlier than 1.12.9 \nWireshark 2.0 versions earlier than 2.0.1\n\n### *Solution*:\nUpdate to the latest version \n[Download Wireshark](<https://www.wireshark.org/#download>)\n\n### *Original advisories*:\n[Wireshark adviosries list](<https://www.wireshark.org/security/>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Wireshark](<https://threats.kaspersky.com/en/product/Wireshark/>)\n\n### *CVE-IDS*:\n[CVE-2015-8727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8727>)4.3Warning \n[CVE-2015-8719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8719>)4.3Warning \n[CVE-2015-8720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8720>)4.3Warning \n[CVE-2015-8717](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8717>)4.3Warning \n[CVE-2015-8718](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8718>)4.3Warning \n[CVE-2015-8723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8723>)4.3Warning \n[CVE-2015-8724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8724>)4.3Warning \n[CVE-2015-8721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8721>)4.3Warning \n[CVE-2015-8722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8722>)4.3Warning \n[CVE-2015-8715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8715>)4.3Warning \n[CVE-2015-8716](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8716>)4.3Warning \n[CVE-2015-8735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8735>)4.3Warning \n[CVE-2015-8736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8736>)4.3Warning \n[CVE-2015-8737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8737>)4.3Warning \n[CVE-2015-8738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8738>)4.3Warning \n[CVE-2015-8739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8739>)4.3Warning \n[CVE-2015-8740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8740>)4.3Warning \n[CVE-2015-8741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8741>)4.3Warning \n[CVE-2015-8742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8742>)4.3Warning \n[CVE-2015-8726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8726>)4.3Warning \n[CVE-2015-8725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8725>)4.3Warning \n[CVE-2015-8730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8730>)4.3Warning \n[CVE-2015-8729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8729>)4.3Warning \n[CVE-2015-8728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8728>)4.3Warning \n[CVE-2015-8713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8713>)4.3Warning \n[CVE-2015-8734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8734>)4.3Warning \n[CVE-2015-8733](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8733>)4.3Warning \n[CVE-2015-8732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8732>)4.3Warning \n[CVE-2015-8731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8731>)4.3Warning \n[CVE-2015-8714](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8714>)4.3Warning", "edition": 40, "modified": "2020-05-22T00:00:00", "published": "2016-01-04T00:00:00", "id": "KLA10730", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10730", "title": "\r KLA10730Denial of service vulnerabilities in Wireshark ", "type": "kaspersky", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2016-11-09T00:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2015-8713", "CVE-2015-8741", "CVE-2016-4082", "CVE-2016-2531", "CVE-2015-8722", "CVE-2016-2527", "CVE-2016-2530", "CVE-2016-2524", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8736", "CVE-2015-8726", "CVE-2016-2521", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2016-2529", "CVE-2016-2528", "CVE-2016-2526", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8727", "CVE-2015-8728", "CVE-2016-2532", "CVE-2015-8712", "CVE-2016-2525", "CVE-2016-2522", "CVE-2015-8732", "CVE-2015-8734", "CVE-2015-8740"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can refrain from running Wireshark (tshark) on the ARX system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL12766: ARX hotfix matrix\n", "modified": "2016-06-24T00:00:00", "published": "2016-06-24T00:00:00", "id": "SOL87669052", "href": "http://support.f5.com/kb/en-us/solutions/public/k/87/sol87669052.html", "type": "f5", "title": "SOL87669052 - Multiple Wireshark (tshark) vulnerabilities", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:10", "bulletinFamily": "software", "cvelist": ["CVE-2015-8713", "CVE-2015-8741", "CVE-2016-4082", "CVE-2016-2531", "CVE-2015-8722", "CVE-2016-2527", "CVE-2016-2530", "CVE-2016-2524", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8736", "CVE-2015-8726", "CVE-2016-2521", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2016-2529", "CVE-2016-2528", "CVE-2016-2526", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8727", "CVE-2015-8728", "CVE-2016-2532", "CVE-2015-8712", "CVE-2016-2525", "CVE-2016-2522", "CVE-2015-8732", "CVE-2015-8734", "CVE-2015-8740"], "edition": 1, "description": "\nF5 Product Development has assigned ID 600847 (ARX) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nARX| 6.2.0 - 6.4.0| None| Low| Wireshark (tshark) \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can refrain from running Wireshark (tshark) on the ARX system.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "modified": "2017-03-10T00:27:00", "published": "2016-06-25T00:41:00", "href": "https://support.f5.com/csp/article/K87669052", "id": "F5:K87669052", "title": " Multiple Wireshark (tshark) vulnerabilities", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8713", "CVE-2015-8717", "CVE-2015-8741", "CVE-2015-8730", "CVE-2015-8714", "CVE-2015-8733", "CVE-2016-2531", "CVE-2015-8722", "CVE-2016-2527", "CVE-2016-2530", "CVE-2016-2524", "CVE-2015-8719", "CVE-2015-8715", "CVE-2015-8736", "CVE-2015-8726", "CVE-2016-2521", "CVE-2015-8731", "CVE-2015-8739", "CVE-2015-8724", "CVE-2015-8742", "CVE-2015-8738", "CVE-2016-2529", "CVE-2015-8723", "CVE-2015-8720", "CVE-2016-2528", "CVE-2016-2526", "CVE-2015-8725", "CVE-2015-8737", "CVE-2015-8735", "CVE-2015-8729", "CVE-2015-8721", "CVE-2015-8727", "CVE-2015-8728", "CVE-2016-2532", "CVE-2015-8712", "CVE-2016-2523", "CVE-2016-2525", "CVE-2016-2522", "CVE-2015-8732", "CVE-2015-8716", "CVE-2015-8734", "CVE-2015-8711", "CVE-2015-8740", "CVE-2015-8718"], "description": "### Background\n\nWireshark is a network protocol analyzer formerly known as ethereal.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers could cause Denial of Service and local attackers could escalate privileges. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-2.0.2\"", "edition": 1, "modified": "2016-04-26T00:00:00", "published": "2016-04-26T00:00:00", "id": "GLSA-201604-05", "href": "https://security.gentoo.org/glsa/201604-05", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
