LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-3627 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3627 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-3628 CVE STATUS: Patched CVE SUMMARY: Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3628 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-3630 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3630 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-3631 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3631 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-4330 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4330 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-4331 CVE STATUS: Patched CVE SUMMARY: Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4331 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-4332 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4332 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-4333 CVE STATUS: Patched CVE SUMMARY: The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4333 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-4574 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4574 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-4805 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4805 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-5468 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5468 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-5469 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5469 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-5595 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5595 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2006-5740 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5740 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-0456 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0456 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-0457 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0457 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-0458 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0458 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-0459 CVE STATUS: Patched CVE SUMMARY: packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0459 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-3389 CVE STATUS: Patched CVE SUMMARY: Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3389 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-3390 CVE STATUS: Patched CVE SUMMARY: Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3390 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-3391 CVE STATUS: Patched CVE SUMMARY: Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3391 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-3392 CVE STATUS: Patched CVE SUMMARY: Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3392 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-3393 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3393 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6111 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6111 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6112 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6112 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6113 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6113 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6114 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6114 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6115 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6115 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6116 CVE STATUS: Patched CVE SUMMARY: The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6116 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6117 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6117 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6118 CVE STATUS: Patched CVE SUMMARY: The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6118 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6119 CVE STATUS: Patched CVE SUMMARY: The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6119 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6120 CVE STATUS: Patched CVE SUMMARY: The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6120 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6121 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6121 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6438 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6438 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6439 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6439 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6441 CVE STATUS: Patched CVE SUMMARY: The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6441 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6450 CVE STATUS: Patched CVE SUMMARY: The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6450 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2007-6451 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6451 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-1070 CVE STATUS: Patched CVE SUMMARY: The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1070 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-1071 CVE STATUS: Patched CVE SUMMARY: The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1071 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-1072 CVE STATUS: Patched CVE SUMMARY: The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1072 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-1561 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1561 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-1562 CVE STATUS: Patched CVE SUMMARY: The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1562 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-1563 CVE STATUS: Patched CVE SUMMARY: The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1563 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3137 CVE STATUS: Patched CVE SUMMARY: The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3137 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3138 CVE STATUS: Patched CVE SUMMARY: The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3138 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3139 CVE STATUS: Patched CVE SUMMARY: The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3139 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3140 CVE STATUS: Patched CVE SUMMARY: The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3140 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3141 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3141 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3145 CVE STATUS: Patched CVE SUMMARY: The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3145 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3146 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3146 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3932 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3932 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3933 CVE STATUS: Patched CVE SUMMARY: Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3933 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-3934 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3934 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-4680 CVE STATUS: Patched CVE SUMMARY: packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4680 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-4681 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4681 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-4682 CVE STATUS: Patched CVE SUMMARY: wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4682 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-4683 CVE STATUS: Patched CVE SUMMARY: The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4683 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-4684 CVE STATUS: Patched CVE SUMMARY: packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4684 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-4685 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4685 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-5285 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5285 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2008-6472 CVE STATUS: Patched CVE SUMMARY: The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6472 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-0599 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0599 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-0600 CVE STATUS: Patched CVE SUMMARY: Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0600 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-0601 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0601 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-1210 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1210 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-1266 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1266 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-1267 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1267 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-1268 CVE STATUS: Patched CVE SUMMARY: The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1268 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-1269 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1269 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-1829 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1829 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-2559 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2559 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-2560 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2560 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-2561 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2561 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-2562 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2562 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-2563 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2563 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-3241 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3241 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-3242 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3242 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-3243 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3243 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-3549 CVE STATUS: Patched CVE SUMMARY: packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3549 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-3550 CVE STATUS: Patched CVE SUMMARY: The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3550 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-3551 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3551 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-3829 CVE STATUS: Patched CVE SUMMARY: Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability." CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3829 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-4376 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4376 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-4377 CVE STATUS: Patched CVE SUMMARY: The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4377 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2009-4378 CVE STATUS: Patched CVE SUMMARY: The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4378 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-0304 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0304 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-1455 CVE STATUS: Patched CVE SUMMARY: The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1455 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-2283 CVE STATUS: Patched CVE SUMMARY: The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2283 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-2284 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2284 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-2285 CVE STATUS: Patched CVE SUMMARY: The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2285 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-2286 CVE STATUS: Patched CVE SUMMARY: The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2286 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-2287 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2287 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-2992 CVE STATUS: Patched CVE SUMMARY: packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2992 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-2993 CVE STATUS: Patched CVE SUMMARY: The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2993 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-2994 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2994 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-2995 CVE STATUS: Patched CVE SUMMARY: The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2995 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-3133 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3133 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-3445 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3445 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-4300 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4300 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-4301 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4301 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2010-4538 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4538 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-0024 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0024 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-0444 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0444 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-0445 CVE STATUS: Patched CVE SUMMARY: The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0445 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-0538 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0538 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-0713 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0713 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1138 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1138 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1139 CVE STATUS: Patched CVE SUMMARY: wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1139 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1140 CVE STATUS: Patched CVE SUMMARY: Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1140 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1141 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1141 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1142 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1142 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1143 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1143 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1590 CVE STATUS: Patched CVE SUMMARY: The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1590 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1591 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1591 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1592 CVE STATUS: Patched CVE SUMMARY: The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1592 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1956 CVE STATUS: Patched CVE SUMMARY: The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1956 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1957 CVE STATUS: Patched CVE SUMMARY: The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1957 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1958 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1958 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-1959 CVE STATUS: Patched CVE SUMMARY: The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1959 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-2174 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2174 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-2175 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2175 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-2597 CVE STATUS: Patched CVE SUMMARY: The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2597 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-2698 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2698 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-3266 CVE STATUS: Patched CVE SUMMARY: The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3266 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-3360 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3360 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-3482 CVE STATUS: Patched CVE SUMMARY: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3482 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-3483 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3483 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-3484 CVE STATUS: Patched CVE SUMMARY: The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3484 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-4100 CVE STATUS: Patched CVE SUMMARY: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4100 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-4101 CVE STATUS: Patched CVE SUMMARY: The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4101 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2011-4102 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4102 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-0041 CVE STATUS: Patched CVE SUMMARY: The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0041 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-0042 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0042 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-0043 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0043 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-0066 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0066 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-0067 CVE STATUS: Patched CVE SUMMARY: wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0067 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-0068 CVE STATUS: Patched CVE SUMMARY: The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0068 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-1593 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1593 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-1594 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1594 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-1595 CVE STATUS: Patched CVE SUMMARY: The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1595 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-1596 CVE STATUS: Patched CVE SUMMARY: The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1596 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-2392 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2392 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-2393 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2393 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-2394 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2394 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-3548 CVE STATUS: Patched CVE SUMMARY: The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3548 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-3825 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3825 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-3826 CVE STATUS: Patched CVE SUMMARY: Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3826 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4048 CVE STATUS: Patched CVE SUMMARY: The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4048 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4049 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4049 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4285 CVE STATUS: Patched CVE SUMMARY: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4285 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4286 CVE STATUS: Patched CVE SUMMARY: The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4286 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4287 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4287 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4288 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4288 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4289 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4289 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4290 CVE STATUS: Patched CVE SUMMARY: The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4290 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4291 CVE STATUS: Patched CVE SUMMARY: The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4291 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4292 CVE STATUS: Patched CVE SUMMARY: The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4292 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4293 CVE STATUS: Patched CVE SUMMARY: plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4293 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4294 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4294 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4295 CVE STATUS: Patched CVE SUMMARY: Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4295 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4296 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4296 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4297 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. CVSS v2 BASE SCORE: 8.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4297 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-4298 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow. CVSS v2 BASE SCORE: 5.4 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4298 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-5237 CVE STATUS: Patched CVE SUMMARY: The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5237 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-5238 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5238 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-5240 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5240 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6052 CVE STATUS: Patched CVE SUMMARY: Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6052 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6053 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6053 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6054 CVE STATUS: Patched CVE SUMMARY: The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6054 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6055 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6055 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6056 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6056 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6057 CVE STATUS: Patched CVE SUMMARY: The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6057 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6058 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6058 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6059 CVE STATUS: Patched CVE SUMMARY: The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6059 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6060 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6060 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6061 CVE STATUS: Patched CVE SUMMARY: The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6061 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2012-6062 CVE STATUS: Patched CVE SUMMARY: The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6062 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1572 CVE STATUS: Patched CVE SUMMARY: The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1572 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1573 CVE STATUS: Patched CVE SUMMARY: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1573 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1574 CVE STATUS: Patched CVE SUMMARY: The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1574 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1575 CVE STATUS: Patched CVE SUMMARY: The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1575 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1576 CVE STATUS: Patched CVE SUMMARY: The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1576 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1577 CVE STATUS: Patched CVE SUMMARY: The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1577 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1578 CVE STATUS: Patched CVE SUMMARY: The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1578 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1579 CVE STATUS: Patched CVE SUMMARY: The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1579 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1580 CVE STATUS: Patched CVE SUMMARY: The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1580 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1581 CVE STATUS: Patched CVE SUMMARY: The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1581 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1582 CVE STATUS: Patched CVE SUMMARY: The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1582 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1583 CVE STATUS: Patched CVE SUMMARY: The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1583 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1584 CVE STATUS: Patched CVE SUMMARY: The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1584 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1585 CVE STATUS: Patched CVE SUMMARY: epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1585 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1586 CVE STATUS: Patched CVE SUMMARY: The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1586 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1587 CVE STATUS: Patched CVE SUMMARY: The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1587 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1588 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1588 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1589 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1589 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-1590 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1590 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2475 CVE STATUS: Patched CVE SUMMARY: The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2475 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2476 CVE STATUS: Patched CVE SUMMARY: The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2476 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2477 CVE STATUS: Patched CVE SUMMARY: The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2477 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2478 CVE STATUS: Patched CVE SUMMARY: The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2478 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2479 CVE STATUS: Patched CVE SUMMARY: The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2479 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2480 CVE STATUS: Patched CVE SUMMARY: The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2480 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2481 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. CVSS v2 BASE SCORE: 2.9 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2481 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2482 CVE STATUS: Patched CVE SUMMARY: The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2482 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2483 CVE STATUS: Patched CVE SUMMARY: The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2483 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2484 CVE STATUS: Patched CVE SUMMARY: The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2484 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2485 CVE STATUS: Patched CVE SUMMARY: The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2485 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2486 CVE STATUS: Patched CVE SUMMARY: The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. CVSS v2 BASE SCORE: 6.1 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2486 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2487 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2487 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-2488 CVE STATUS: Patched CVE SUMMARY: The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2488 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-3555 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3555 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-3556 CVE STATUS: Patched CVE SUMMARY: The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3556 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-3557 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3557 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-3558 CVE STATUS: Patched CVE SUMMARY: The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3558 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-3559 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3559 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-3560 CVE STATUS: Patched CVE SUMMARY: The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3560 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-3561 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3561 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-3562 CVE STATUS: Patched CVE SUMMARY: Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3562 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4074 CVE STATUS: Patched CVE SUMMARY: The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4074 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4075 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4075 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4076 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4076 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4077 CVE STATUS: Patched CVE SUMMARY: Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4077 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4078 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4078 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4079 CVE STATUS: Patched CVE SUMMARY: The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4079 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4080 CVE STATUS: Patched CVE SUMMARY: The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4080 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4081 CVE STATUS: Patched CVE SUMMARY: The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4081 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4082 CVE STATUS: Patched CVE SUMMARY: The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4082 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4083 CVE STATUS: Patched CVE SUMMARY: The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4083 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4920 CVE STATUS: Patched CVE SUMMARY: The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4920 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4921 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4921 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4922 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4922 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4923 CVE STATUS: Patched CVE SUMMARY: Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4923 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4924 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4924 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4925 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4925 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4926 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4926 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4927 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4927 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4928 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4928 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4929 CVE STATUS: Patched CVE SUMMARY: The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4929 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4930 CVE STATUS: Patched CVE SUMMARY: The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4930 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4931 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4931 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4932 CVE STATUS: Patched CVE SUMMARY: Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4932 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4933 CVE STATUS: Patched CVE SUMMARY: The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4933 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4934 CVE STATUS: Patched CVE SUMMARY: The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4934 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4935 CVE STATUS: Patched CVE SUMMARY: The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4935 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-4936 CVE STATUS: Patched CVE SUMMARY: The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4936 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-5717 CVE STATUS: Patched CVE SUMMARY: The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5717 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-5718 CVE STATUS: Patched CVE SUMMARY: The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5718 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-5719 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5719 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-5720 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5720 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-5721 CVE STATUS: Patched CVE SUMMARY: The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5721 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-5722 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5722 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-6336 CVE STATUS: Patched CVE SUMMARY: The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6336 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-6337 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6337 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-6338 CVE STATUS: Patched CVE SUMMARY: The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6338 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-6339 CVE STATUS: Patched CVE SUMMARY: The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6339 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-6340 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6340 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-7112 CVE STATUS: Patched CVE SUMMARY: The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7112 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-7113 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7113 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2013-7114 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7114 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-2281 CVE STATUS: Patched CVE SUMMARY: The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2281 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-2282 CVE STATUS: Patched CVE SUMMARY: The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2282 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-2283 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2283 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-2299 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2299 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-2907 CVE STATUS: Patched CVE SUMMARY: The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2907 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-4020 CVE STATUS: Patched CVE SUMMARY: The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4020 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-4174 CVE STATUS: Patched CVE SUMMARY: wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4174 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-5161 CVE STATUS: Patched CVE SUMMARY: The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5161 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-5162 CVE STATUS: Patched CVE SUMMARY: The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5162 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-5163 CVE STATUS: Patched CVE SUMMARY: The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5163 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-5164 CVE STATUS: Patched CVE SUMMARY: The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5164 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-5165 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5165 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6421 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6421 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6422 CVE STATUS: Patched CVE SUMMARY: The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6422 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6423 CVE STATUS: Patched CVE SUMMARY: The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6423 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6424 CVE STATUS: Patched CVE SUMMARY: The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6424 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6425 CVE STATUS: Patched CVE SUMMARY: The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6425 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6426 CVE STATUS: Patched CVE SUMMARY: The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6426 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6427 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6427 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6428 CVE STATUS: Patched CVE SUMMARY: The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6428 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6429 CVE STATUS: Patched CVE SUMMARY: The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6429 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6430 CVE STATUS: Patched CVE SUMMARY: The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6430 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6431 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6431 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-6432 CVE STATUS: Patched CVE SUMMARY: The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6432 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-8710 CVE STATUS: Patched CVE SUMMARY: The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8710 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-8711 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8711 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-8712 CVE STATUS: Patched CVE SUMMARY: The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8712 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-8713 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8713 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2014-8714 CVE STATUS: Patched CVE SUMMARY: The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8714 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-0559 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0559 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-0560 CVE STATUS: Patched CVE SUMMARY: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0560 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-0561 CVE STATUS: Patched CVE SUMMARY: asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0561 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-0562 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0562 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-0563 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0563 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-0564 CVE STATUS: Patched CVE SUMMARY: Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0564 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-2187 CVE STATUS: Patched CVE SUMMARY: The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2187 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-2188 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2188 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-2189 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2189 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-2190 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2190 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-2191 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2191 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-2192 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2192 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3182 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3182 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3808 CVE STATUS: Patched CVE SUMMARY: The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3808 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3809 CVE STATUS: Patched CVE SUMMARY: The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3809 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3810 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3810 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3811 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3811 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3812 CVE STATUS: Patched CVE SUMMARY: Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3812 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3813 CVE STATUS: Patched CVE SUMMARY: The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3813 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3814 CVE STATUS: Patched CVE SUMMARY: The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3814 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3815 CVE STATUS: Patched CVE SUMMARY: The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3815 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-3906 CVE STATUS: Patched CVE SUMMARY: The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3906 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-4651 CVE STATUS: Patched CVE SUMMARY: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4651 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-4652 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4652 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-6241 CVE STATUS: Patched CVE SUMMARY: The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6241 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-6242 CVE STATUS: Patched CVE SUMMARY: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6242 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-6243 CVE STATUS: Patched CVE SUMMARY: The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6243 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-6244 CVE STATUS: Patched CVE SUMMARY: The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6244 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-6245 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6245 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-6246 CVE STATUS: Patched CVE SUMMARY: The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6246 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-6247 CVE STATUS: Patched CVE SUMMARY: The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6247 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-6248 CVE STATUS: Patched CVE SUMMARY: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6248 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-6249 CVE STATUS: Patched CVE SUMMARY: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6249 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-7830 CVE STATUS: Patched CVE SUMMARY: The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7830 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8711 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8711 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8712 CVE STATUS: Patched CVE SUMMARY: The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8712 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8713 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8713 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8714 CVE STATUS: Patched CVE SUMMARY: The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8714 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8715 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8715 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8716 CVE STATUS: Patched CVE SUMMARY: The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8716 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8717 CVE STATUS: Patched CVE SUMMARY: The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8717 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8718 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8718 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8719 CVE STATUS: Patched CVE SUMMARY: The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8719 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8720 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8720 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8721 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8721 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8722 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8722 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8723 CVE STATUS: Patched CVE SUMMARY: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8723 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8724 CVE STATUS: Patched CVE SUMMARY: The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8724 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8725 CVE STATUS: Patched CVE SUMMARY: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8725 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8726 CVE STATUS: Patched CVE SUMMARY: wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8726 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8727 CVE STATUS: Patched CVE SUMMARY: The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8727 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8728 CVE STATUS: Patched CVE SUMMARY: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8728 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8729 CVE STATUS: Patched CVE SUMMARY: The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8729 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8730 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8730 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8731 CVE STATUS: Patched CVE SUMMARY: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8731 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8732 CVE STATUS: Patched CVE SUMMARY: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8732 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8733 CVE STATUS: Patched CVE SUMMARY: The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8733 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8734 CVE STATUS: Patched CVE SUMMARY: The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8734 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8735 CVE STATUS: Patched CVE SUMMARY: The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8735 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8736 CVE STATUS: Patched CVE SUMMARY: The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8736 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8737 CVE STATUS: Patched CVE SUMMARY: The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8737 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8738 CVE STATUS: Patched CVE SUMMARY: The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8738 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8739 CVE STATUS: Patched CVE SUMMARY: The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8739 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8740 CVE STATUS: Patched CVE SUMMARY: The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8740 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8741 CVE STATUS: Patched CVE SUMMARY: The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8741 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2015-8742 CVE STATUS: Patched CVE SUMMARY: The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8742 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2521 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2521 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2522 CVE STATUS: Patched CVE SUMMARY: The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2522 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2523 CVE STATUS: Patched CVE SUMMARY: The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2523 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2524 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2524 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2525 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2525 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2526 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2526 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2527 CVE STATUS: Patched CVE SUMMARY: wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2527 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2528 CVE STATUS: Patched CVE SUMMARY: The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2528 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2529 CVE STATUS: Patched CVE SUMMARY: The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2529 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2530 CVE STATUS: Patched CVE SUMMARY: The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2530 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2531 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2531 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-2532 CVE STATUS: Patched CVE SUMMARY: The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2532 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4006 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4006 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4076 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4076 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4077 CVE STATUS: Patched CVE SUMMARY: epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4077 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4078 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4078 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4079 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4079 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4080 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4080 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4081 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4081 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4082 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4082 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4083 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4083 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4084 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4084 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4085 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4085 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4415 CVE STATUS: Patched CVE SUMMARY: wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4415 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4416 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4416 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4417 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4417 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4418 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4418 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4419 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4419 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4420 CVE STATUS: Patched CVE SUMMARY: The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4420 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-4421 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4421 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5350 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5350 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5351 CVE STATUS: Patched CVE SUMMARY: epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5351 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5352 CVE STATUS: Patched CVE SUMMARY: epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5352 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5353 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5353 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5354 CVE STATUS: Patched CVE SUMMARY: The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5354 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5355 CVE STATUS: Patched CVE SUMMARY: wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5355 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5356 CVE STATUS: Patched CVE SUMMARY: wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5356 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5357 CVE STATUS: Patched CVE SUMMARY: wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5357 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5358 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5358 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-5359 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5359 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6503 CVE STATUS: Patched CVE SUMMARY: The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6503 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6504 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6504 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6505 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6505 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6506 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6506 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6507 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6507 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6508 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6508 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6509 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6509 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6510 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6510 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6511 CVE STATUS: Patched CVE SUMMARY: epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6511 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6512 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6512 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-6513 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6513 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-7175 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7175 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-7176 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7176 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-7177 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7177 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-7178 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7178 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-7179 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7179 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-7180 CVE STATUS: Patched CVE SUMMARY: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7180 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-7957 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7957 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-7958 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7958 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-9372 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9372 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-9373 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9373 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-9374 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9374 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-9375 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9375 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2016-9376 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9376 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-11406 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11406 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-11407 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11407 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-11408 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11408 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-11409 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11409 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-11410 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11410 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-11411 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11411 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-13764 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13764 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-13765 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13765 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-13766 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13766 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-13767 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13767 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-15189 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15189 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-15190 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15190 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-15191 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15191 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-15192 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15192 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-15193 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15193 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-17083 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17083 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-17084 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17084 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-17085 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17085 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-17935 CVE STATUS: Patched CVE SUMMARY: The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17935 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-17997 CVE STATUS: Patched CVE SUMMARY: In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17997 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-5596 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5596 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-5597 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5597 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-6014 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6014 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-6467 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6467 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-6468 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6468 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-6469 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6469 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-6470 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6470 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-6471 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6471 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-6472 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6472 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-6473 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6473 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-6474 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6474 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7700 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7700 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7701 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7701 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7702 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7702 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7703 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7703 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7704 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7704 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7705 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7705 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7745 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7745 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7746 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7746 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7747 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7747 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-7748 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7748 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9343 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9343 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9344 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9344 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9345 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9345 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9346 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9346 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9347 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9347 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9348 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9348 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9349 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9349 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9350 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9350 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9351 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9351 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9352 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9352 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9353 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9353 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9354 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9354 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9616 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9616 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9617 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9617 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2017-9766 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9766 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-11354 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11354 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-11355 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11355 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-11356 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11356 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-11357 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11357 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-11358 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11358 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-11359 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11359 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-11360 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11360 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-11361 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11361 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-11362 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11362 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14339 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14339 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14340 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14340 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14341 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14341 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14342 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14342 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14343 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14343 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14344 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14344 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14367 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14367 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14368 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14368 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14369 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14369 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14370 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14370 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-14438 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14438 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-16056 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16056 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-16057 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16057 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-16058 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16058 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-18225 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18225 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-18226 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18226 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-18227 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18227 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-19622 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19622 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-19623 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19623 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-19624 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19624 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-19625 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19625 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-19626 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19626 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-19627 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19627 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-19628 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19628 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-5334 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5334 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-5335 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5335 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-5336 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5336 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-6836 CVE STATUS: Patched CVE SUMMARY: The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6836 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7320 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7320 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7321 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7321 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7322 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7322 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7323 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7323 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7324 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7324 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7325 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7325 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7326 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7326 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7327 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7327 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7328 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7328 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7329 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7329 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7330 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7330 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7331 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7331 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7332 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7332 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7333 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7333 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7334 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7334 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7335 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7335 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7336 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7336 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7337 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7337 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7417 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7417 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7418 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7418 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7419 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7419 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7420 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7420 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-7421 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7421 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9256 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9256 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9257 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9257 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9258 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9258 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9259 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9259 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9260 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9260 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9261 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9261 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9262 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9262 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9263 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9263 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9264 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9264 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9265 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9265 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9266 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9266 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9267 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9267 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9268 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9268 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9269 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9269 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9270 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9270 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9271 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9271 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9272 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9272 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9273 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9273 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2018-9274 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9274 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10894 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10894 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10895 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10895 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10896 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10896 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10897 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10897 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10898 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10898 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10899 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10899 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10900 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10900 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10901 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10901 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10902 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10902 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-10903 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10903 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-12295 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12295 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-13619 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13619 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-16319 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16319 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-19553 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19553 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-5716 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5716 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-5717 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5717 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-5718 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5718 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-5719 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5719 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-5721 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5721 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-9208 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9208 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-9209 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9209 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2019-9214 CVE STATUS: Patched CVE SUMMARY: In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9214 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-11647 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11647 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-13164 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13164 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-15466 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15466 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-17498 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-17498 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-25862 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25862 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-25863 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25863 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-25866 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25866 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-26418 CVE STATUS: Patched CVE SUMMARY: Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26418 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-26419 CVE STATUS: Patched CVE SUMMARY: Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26419 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-26420 CVE STATUS: Patched CVE SUMMARY: Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.1 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26420 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-26421 CVE STATUS: Patched CVE SUMMARY: Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 4.2 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26421 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-26422 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26422 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-26575 CVE STATUS: Patched CVE SUMMARY: In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26575 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-28030 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28030 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-7044 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7044 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-7045 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7045 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-9428 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9428 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-9429 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9429 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-9430 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9430 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2020-9431 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9431 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-22173 CVE STATUS: Patched CVE SUMMARY: Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22173 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-22174 CVE STATUS: Patched CVE SUMMARY: Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 3.7 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22174 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-22191 CVE STATUS: Patched CVE SUMMARY: Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22191 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-22207 CVE STATUS: Patched CVE SUMMARY: Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22207 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-22222 CVE STATUS: Patched CVE SUMMARY: Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22222 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-22235 CVE STATUS: Patched CVE SUMMARY: Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-22235 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-39920 CVE STATUS: Patched CVE SUMMARY: NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39920 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-39921 CVE STATUS: Patched CVE SUMMARY: NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39921 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-39922 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39922 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-39923 CVE STATUS: Patched CVE SUMMARY: Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39923 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-39924 CVE STATUS: Patched CVE SUMMARY: Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39924 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-39925 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39925 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-39926 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39926 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-39928 CVE STATUS: Patched CVE SUMMARY: NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39928 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-39929 CVE STATUS: Patched CVE SUMMARY: Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39929 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-4181 CVE STATUS: Patched CVE SUMMARY: Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4181 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-4182 CVE STATUS: Patched CVE SUMMARY: Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4182 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-4183 CVE STATUS: Patched CVE SUMMARY: Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4183 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-4184 CVE STATUS: Patched CVE SUMMARY: Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4184 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-4185 CVE STATUS: Patched CVE SUMMARY: Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4185 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-4186 CVE STATUS: Patched CVE SUMMARY: Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4186 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2021-4190 CVE STATUS: Patched CVE SUMMARY: Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4190 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-0581 CVE STATUS: Patched CVE SUMMARY: Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0581 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-0582 CVE STATUS: Patched CVE SUMMARY: Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0582 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-0583 CVE STATUS: Patched CVE SUMMARY: Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0583 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-0585 CVE STATUS: Patched CVE SUMMARY: Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0585 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-0586 CVE STATUS: Patched CVE SUMMARY: Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0586 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-3190 CVE STATUS: Patched CVE SUMMARY: Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3190 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-3724 CVE STATUS: Patched CVE SUMMARY: Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3724 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-3725 CVE STATUS: Patched CVE SUMMARY: Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3725 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-4344 CVE STATUS: Patched CVE SUMMARY: Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4344 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2022-4345 CVE STATUS: Patched CVE SUMMARY: Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4345 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0411 CVE STATUS: Patched CVE SUMMARY: Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0411 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0412 CVE STATUS: Patched CVE SUMMARY: TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0412 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0413 CVE STATUS: Patched CVE SUMMARY: Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0413 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0414 CVE STATUS: Patched CVE SUMMARY: Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0414 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0415 CVE STATUS: Patched CVE SUMMARY: iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0415 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0416 CVE STATUS: Patched CVE SUMMARY: GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0416 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0417 CVE STATUS: Patched CVE SUMMARY: Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0417 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0666 CVE STATUS: Patched CVE SUMMARY: Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0666 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0667 CVE STATUS: Patched CVE SUMMARY: Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0667 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-0668 CVE STATUS: Patched CVE SUMMARY: Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0668 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-1161 CVE STATUS: Patched CVE SUMMARY: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1161 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-1992 CVE STATUS: Patched CVE SUMMARY: RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1992 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-1993 CVE STATUS: Patched CVE SUMMARY: LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1993 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-1994 CVE STATUS: Patched CVE SUMMARY: GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1994 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-2854 CVE STATUS: Patched CVE SUMMARY: BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2854 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-2855 CVE STATUS: Patched CVE SUMMARY: Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2855 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-2856 CVE STATUS: Patched CVE SUMMARY: VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2856 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-2857 CVE STATUS: Patched CVE SUMMARY: BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2857 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-2858 CVE STATUS: Patched CVE SUMMARY: NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2858 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-2879 CVE STATUS: Patched CVE SUMMARY: GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2879 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-2906 CVE STATUS: Patched CVE SUMMARY: Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2906 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-2952 CVE STATUS: Patched CVE SUMMARY: XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2952 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-3648 CVE STATUS: Patched CVE SUMMARY: Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3648 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-3649 CVE STATUS: Patched CVE SUMMARY: iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3649 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-4511 CVE STATUS: Patched CVE SUMMARY: BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4511 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-4512 CVE STATUS: Patched CVE SUMMARY: CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4512 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-4513 CVE STATUS: Patched CVE SUMMARY: BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4513 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-5371 CVE STATUS: Patched CVE SUMMARY: RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5371 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-6174 CVE STATUS: Patched CVE SUMMARY: SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6174 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2023-6175 CVE STATUS: Patched CVE SUMMARY: NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6175 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-0207 CVE STATUS: Patched CVE SUMMARY: HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0207 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-0208 CVE STATUS: Patched CVE SUMMARY: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0208 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-0209 CVE STATUS: Patched CVE SUMMARY: IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0209 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-0210 CVE STATUS: Patched CVE SUMMARY: Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0210 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-0211 CVE STATUS: Patched CVE SUMMARY: DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0211 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-11595 CVE STATUS: Patched CVE SUMMARY: FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-11595 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-11596 CVE STATUS: Patched CVE SUMMARY: ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-11596 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-24476 CVE STATUS: Patched CVE SUMMARY: A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-24476 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-24478 CVE STATUS: Patched CVE SUMMARY: An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-24478 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-24479 CVE STATUS: Patched CVE SUMMARY: A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-24479 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-2955 CVE STATUS: Patched CVE SUMMARY: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-2955 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-4853 CVE STATUS: Patched CVE SUMMARY: Memory handling issue in editcap could cause denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-4853 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-4854 CVE STATUS: Patched CVE SUMMARY: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.4 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-4854 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-4855 CVE STATUS: Patched CVE SUMMARY: Use after free issue in editcap could cause denial of service via crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.6 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-4855 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-8250 CVE STATUS: Patched CVE SUMMARY: NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8250 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-8645 CVE STATUS: Patched CVE SUMMARY: SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-8645 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-9780 CVE STATUS: Patched CVE SUMMARY: ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-9780 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2024-9781 CVE STATUS: Patched CVE SUMMARY: AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-9781 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2025-11626 CVE STATUS: Patched CVE SUMMARY: MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-11626 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2025-13499 CVE STATUS: Patched CVE SUMMARY: Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-13499 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2025-13674 CVE STATUS: Patched CVE SUMMARY: BPv7 dissector crash in Wireshark 4.6.0 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-13674 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2025-13945 CVE STATUS: Patched CVE SUMMARY: HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-13945 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2025-13946 CVE STATUS: Patched CVE SUMMARY: MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-13946 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2025-1492 CVE STATUS: Patched CVE SUMMARY: Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1492 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2025-5601 CVE STATUS: Patched CVE SUMMARY: Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-5601 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2025-9817 CVE STATUS: Patched CVE SUMMARY: SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-9817 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-0959 CVE STATUS: Patched CVE SUMMARY: IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-0959 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-0960 CVE STATUS: Patched CVE SUMMARY: HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-0960 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-0961 CVE STATUS: Patched CVE SUMMARY: BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-0961 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-0962 CVE STATUS: Patched CVE SUMMARY: SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-0962 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-3201 CVE STATUS: Patched CVE SUMMARY: USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-3201 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-3202 CVE STATUS: Patched CVE SUMMARY: NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-3202 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-3203 CVE STATUS: Patched CVE SUMMARY: RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-3203 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5299 CVE STATUS: Patched CVE SUMMARY: ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5299 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5401 CVE STATUS: Patched CVE SUMMARY: AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5401 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5402 CVE STATUS: Patched CVE SUMMARY: TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 CVSS v4 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5402 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5403 CVE STATUS: Patched CVE SUMMARY: SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5403 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5404 CVE STATUS: Patched CVE SUMMARY: K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.7 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5404 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5405 CVE STATUS: Patched CVE SUMMARY: RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5405 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5406 CVE STATUS: Patched CVE SUMMARY: FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5406 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5407 CVE STATUS: Patched CVE SUMMARY: SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5407 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5408 CVE STATUS: Patched CVE SUMMARY: BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5408 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5409 CVE STATUS: Patched CVE SUMMARY: Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5409 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5653 CVE STATUS: Patched CVE SUMMARY: DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5653 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5654 CVE STATUS: Patched CVE SUMMARY: AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5654 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5655 CVE STATUS: Patched CVE SUMMARY: SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5655 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5656 CVE STATUS: Patched CVE SUMMARY: Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5656 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-5657 CVE STATUS: Patched CVE SUMMARY: iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-5657 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6519 CVE STATUS: Patched CVE SUMMARY: MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6519 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6520 CVE STATUS: Patched CVE SUMMARY: OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6520 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6521 CVE STATUS: Patched CVE SUMMARY: OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6521 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6522 CVE STATUS: Patched CVE SUMMARY: RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6522 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6523 CVE STATUS: Patched CVE SUMMARY: GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6523 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6524 CVE STATUS: Patched CVE SUMMARY: MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6524 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6525 CVE STATUS: Patched CVE SUMMARY: IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6525 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6526 CVE STATUS: Patched CVE SUMMARY: RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6526 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6527 CVE STATUS: Patched CVE SUMMARY: ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6527 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6528 CVE STATUS: Patched CVE SUMMARY: TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6528 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6529 CVE STATUS: Patched CVE SUMMARY: iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6529 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6530 CVE STATUS: Patched CVE SUMMARY: DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6530 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6531 CVE STATUS: Patched CVE SUMMARY: SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6531 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6532 CVE STATUS: Patched CVE SUMMARY: Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6532 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6533 CVE STATUS: Patched CVE SUMMARY: Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6533 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6534 CVE STATUS: Patched CVE SUMMARY: USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6534 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6535 CVE STATUS: Patched CVE SUMMARY: Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6535 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6536 CVE STATUS: Patched CVE SUMMARY: DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6536 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6537 CVE STATUS: Patched CVE SUMMARY: ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6537 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6538 CVE STATUS: Patched CVE SUMMARY: BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6538 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6867 CVE STATUS: Patched CVE SUMMARY: SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6867 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6868 CVE STATUS: Patched CVE SUMMARY: HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6868 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6869 CVE STATUS: Patched CVE SUMMARY: WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6869 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-6870 CVE STATUS: Patched CVE SUMMARY: GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-6870 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-7375 CVE STATUS: Patched CVE SUMMARY: UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-7375 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-7376 CVE STATUS: Patched CVE SUMMARY: Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-7376 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-7378 CVE STATUS: Patched CVE SUMMARY: Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-7378 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-7379 CVE STATUS: Patched CVE SUMMARY: Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-7379 LAYER: meta-networking PACKAGE NAME: wireshark-native PACKAGE VERSION: 1_4.2.14 CVE: CVE-2026-9759 CVE STATUS: Patched CVE SUMMARY: ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 CVSS v4 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2026-9759