Debian Wireshark vulnerabilities
694 known vulnerabilities affecting debian/wireshark.
Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281
Vulnerabilities
Page 14 of 35
CVE-2017-9349 | LOW | CVSS 7.5 | fixed in wireshark 2.2.7-1 (bookworm) | 2017
CVE-2017-9349 [HIGH] CVE-2017-9349: wireshark - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infi...
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.
Scope: local
bookworm: resolved (fixed in 2.2.7-1)
bullseye: resolved (fixed in 2.2.7-1)
forky: resolved (fixed in 2.2.7-1)
sid: resolved (fixed in 2.2.7-1)
trixie: resolved (fixed in 2.2.7-1)
debian
CVE-2017-15191 | LOW | CVSS 7.5 | fixed in wireshark 2.4.2-1 (bookworm) | 2017
CVE-2017-15191 [HIGH] CVE-2017-15191: wireshark - In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissec...
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
Scope: local
bookworm: resolved (fixed in 2.4.2-1)
bullseye: resolved (fixed in 2.4.2-1)
forky: resolved (fixed in 2.4.2-1)
sid: resolved (fixed in 2.4.2-1)
trixie: resolved (fixed in 2.4
debian
CVE-2017-15193 | LOW | CVSS 7.5 | fixed in wireshark 2.4.2-1 (bookworm) | 2017
CVE-2017-15193 [HIGH] CVE-2017-15193: wireshark - In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash o...
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
Scope: local
bookworm: resolved (fixed in 2.4.2-1)
bullseye: resolved (fixed in 2.4.2-1)
forky: resolved (fixed in 2.4.2-1)
sid: resolved (fixed in 2.4.2-1)
trixie:
debian
CVE-2017-9344 | LOW | CVSS 7.5 | fixed in wireshark 2.2.7-1 (bookworm) | 2017
CVE-2017-9344 [HIGH] CVE-2017-9344: wireshark - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector c...
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
Scope: local
bookworm: resolved (fixed in 2.2.7-1)
bullseye: resolved (fixed in 2.2.7-1)
forky: resolved (fixed in 2.2.7-1)
sid: resolved (fixed in 2.2.7-1)
trixie: resolved (fixe
debian
CVE-2017-9617 | LOW | CVSS 5.5 | fixed in wireshark 2.4.0-1 (bookworm) | 2017
CVE-2017-9617 [MEDIUM] CVE-2017-9617: wireshark - In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontro...
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
Scope: local
bookworm: resolved (fixed in 2.4.0-1)
bullseye: resolved (fixed in 2.4.0-1)
forky: resolved (fixed in 2.4.0-1)
sid: resolved (fixed in 2.4.0-1)
trixie: resolved (fi
debian
CVE-2017-9616 | LOW | CVSS 5.5 | fixed in wireshark 2.4.0-1 (bookworm) | 2017
CVE-2017-9616 [MEDIUM] CVE-2017-9616: wireshark - In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrol...
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.
Scope: local
bookworm: resolved (fixed in 2.4.0-1)
bullseye: resolved (fixed in 2.4.0-1)
forky: resolved (fixed in 2.4.0-1)
sid: resolved (fixed in 2.4.0-1)
trixie: resolved (fixed in 2.4.0-1)
debian
CVE-2017-9345 | LOW | CVSS 7.5 | fixed in wireshark 2.2.7-1 (bookworm) | 2017
CVE-2017-9345 [HIGH] CVE-2017-9345: wireshark - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into...
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
Scope: local
bookworm: resolved (fixed in 2.2.7-1)
bullseye: resolved (fixed in 2.2.7-1)
forky: resolved (fixed in 2.2.7-1)
sid: resolved (fixed in 2.2.7-1)
trixie: resolv
debian
CVE-2017-11407 | LOW | CVSS 7.5 | fixed in wireshark 2.4.0-1 (bookworm) | 2017
CVE-2017-11407 [HIGH] CVE-2017-11407: wireshark - In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. T...
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
Scope: local
bookworm: resolved (fixed in 2.4.0-1)
bullseye: resolved (fixed in 2.4.0-1)
forky: resolved (fixed in 2.4.0-1)
sid: resolved (fixed in 2.4.0-1)
trixie: resolved
debian
CVE-2017-15190 | LOW | CVSS 7.5 | fixed in wireshark 2.4.2-1 (bookworm) | 2017
CVE-2017-15190 [HIGH] CVE-2017-15190: wireshark - In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed ...
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.
Scope: local
bookworm: resolved (fixed in 2.4.2-1)
bullseye: resolved (fixed in 2.4.2-1)
forky: resolved (fixed in 2.4.2-1)
sid: resolved (fixed in 2.4.2-1)
trixie: resolved (fixed in 2.4.2-1)
debian
CVE-2017-7702 | LOW | CVSS 7.5 | fixed in wireshark 2.2.6+g32dac6a-1 (bookworm) | 2017
CVE-2017-7702 [HIGH] CVE-2017-7702: wireshark - In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go in...
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.
Scope: local
bookworm: resolved (fixed in 2.2.6+g32dac6a-1)
bullseye: resolved (fixed in 2.2.6+g32dac6a-1)
forky: resolved (fi
debian
CVE-2017-7703 | LOW | CVSS 7.5 | fixed in wireshark 2.2.6+g32dac6a-1 (bookworm) | 2017
CVE-2017-7703 [HIGH] CVE-2017-7703: wireshark - In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash,...
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.
Scope: local
bookworm: resolved (fixed in 2.2.6+g32dac6a-1)
bullseye: resolved (fixed in 2.2.6+g32dac6a-1)
forky: resolved (fixed in 2.2.
debian
CVE-2017-11409 | LOW | CVSS 7.5 | fixed in wireshark 2.2.0~rc1+g438c022-1 (bookworm) | 2017
CVE-2017-11409 [HIGH] CVE-2017-11409: wireshark - In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop....
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
Scope: local
bookworm: resolved (fixed in 2.2.0~rc1+g438c022-1)
bullseye: resolved (fixed in 2.2.0~rc1+g438c022-1)
forky: resolved (fixed in 2.2.0~rc1+g438c022-1)
sid: resolved (fixed in 2.
debian
CVE-2017-9351 | LOW | CVSS 7.5 | fixed in wireshark 2.2.7-1 (bookworm) | 2017
CVE-2017-9351 [HIGH] CVE-2017-9351: wireshark - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read p...
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
Scope: local
bookworm: resolved (fixed in 2.2.7-1)
bullseye: resolved (fixed in 2.2.7-1)
forky: resolved (fixed in 2.2.7-1)
sid: resolved (fixed in 2.2.
debian
CVE-2016-7957 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.1+ga6fbd27-1 (bookworm) | 2016
CVE-2016-7957 [HIGH] CVE-2016-7957: wireshark - In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by pack...
In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.
Scope: local
bookworm: resolved (fixed in 2.2.1+ga6fbd27-1)
bullseye: resolved (fixed in 2.2.1+ga6fbd27-1)
forky: resol
debian
CVE-2016-7958 | HIGH | CVSS 7.5 | fixed in wireshark 2.2.1+ga6fbd27-1 (bookworm) | 2016
CVE-2016-7958 [HIGH] CVE-2016-7958: wireshark - In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection...
In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.
Scope: local
bookworm: resolved (fixed in 2.2.1+ga6fbd27-1)
bullseye: resolved (fixed in 2.2.1+ga6fbd27-1)
forky: resolved (fixed in 2.2.1+ga6fbd27-1)
sid: resolved (fixed in
debian
CVE-2016-5350 | HIGH | CVSS 7.5 | fixed in wireshark 2.0.4+gdd7746e-1 (bookworm) | 2016
CVE-2016-5350 [HIGH] CVE-2016-5350: wireshark - epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.1...
epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.4+gdd7746e-1)
bullseye: resolved (fixed in 2.0.4+gdd7746e-1)
forky: resolv
debian
CVE-2016-2529 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
CVE-2016-2529 [MEDIUM] CVE-2016-2529: wireshark - The iseries_check_file_type function in wiretap/iseries.c in the iSeries file pa...
The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 2.0.2+ga16e22
debian
CVE-2016-7175 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.2.0~rc1+g438c022-1 (bookworm) | 2016
CVE-2016-7175 [MEDIUM] CVE-2016-7175: wireshark - epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x befor...
epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.2.0~rc1+g438c022-1)
bullseye: resolved (fixed in 2.2.0~rc1+g438c022-1)
forky: res
debian
CVE-2016-5354 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.4+gdd7746e-1 (bookworm) | 2016
CVE-2016-5354 [MEDIUM] CVE-2016-5354: wireshark - The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishan...
The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.4+gdd7746e-1)
bullseye: resolved (fixed in 2.0.4+gdd7746e-1)
forky: resolved (fixed in 2.0.4+gdd7746e-1)
sid: resolved (f
debian
CVE-2016-7178 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.2.0~rc1+g438c022-1 (bookworm) | 2016
CVE-2016-7178 [MEDIUM] CVE-2016-7178: wireshark - epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x befor...
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.2.0~rc1+g438c022-1)
bullseye: resolved
debian