Debian Wireshark vulnerabilities

694 known vulnerabilities affecting debian/wireshark.

Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281

Vulnerabilities

Page 15 of 35
CVE-2016-2532 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.0.2+ga16e22e-

CVE-2016-4418 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.
Scope: local bookworm: resolved (fixed in 2.0.2+ga16e22e-1) bullseye: resolved (fixed in 2.0.2+ga16e22e-1) fork

CVE-2016-5355 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.4+gdd7746e-1 (bookworm) | 2016
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Scope: local bookworm: resolved (fixed in 2.0.4+gdd7746e-1) bullseye: resolved (fixed in 2.0.4+gdd7746e-1) forky: resol

CVE-2016-7176 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.2.0~rc1+g438c022-1 (bookworm) | 2016
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.2.0~rc1+g438c022-1) bullseye: resolved (fixed in 2.2.0

CVE-2016-5356 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.4+gdd7746e-1 (bookworm) | 2016
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Scope: local bookworm: resolved (fixed in 2.0.4+gdd7746e-1) bullseye: resolved (fixed in 2.0.4+gdd7746e-1) forky: resolve

CVE-2016-4420 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.0.2+ga16e22e-1) bullseye: resolved (fixed in 2.0.2+ga16e22e-1) forky: resolved (fixed in 2.0.2+ga16e22e-1) sid: resolved (fixed in 2.0.2+ga16e22e-1) trixie: resolved (fixed in 2.0

CVE-2016-7179 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.2.0~rc1+g438c022-1 (bookworm) | 2016
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.2.0~rc1+g438c022-1) bullseye: resolved (fixed in 2.2.0~rc1+g438c022-1) forky: resolved (fi

CVE-2016-2530 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.

CVE-2016-2527 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
Scope: local bookworm: resolved (fixed in 2.0.2+ga16

CVE-2016-5359 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0 (bookworm) | 2016
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.0) bullseye: resolved (fixed in 2.0) forky: resolved (fixed in 2.0) sid: resolved (fixed in 2.0

CVE-2016-2523 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.0.2+ga16e22e-1) bullseye: resolved (fixed in 2.0.2+ga16e22e-1) forky: resolved (fix

CVE-2016-6508 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.5+ga3be9c6-1 (bookworm) | 2016
epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.0.5+ga3be9c6-1) bullseye: resolved (fixed in 2.0.5+ga3be9c6-1) forky: resolved (fixed

CVE-2016-6506 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.5+ga3be9c6-1 (bookworm) | 2016
epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.0.5+ga3be9c6-1) bullseye: resolved (fixed in 2.0.5+ga3be9c6-1) forky: resolved (fixed in 2.0.5+ga3be9c6-1) sid: resolved (fix

CVE-2016-4415 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.
Scope: local bookworm: resolved (fixed in 2.0.2+ga16e22e-1) bullseye: resolved (fixed in 2.0.2+ga16e22e-1) forky

CVE-2016-2524 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.0.2+ga16e22e-1) bullseye: resolved (fixed in 2.0.2+ga16e22e-1) forky: resolved (fixed in 2.0.2+ga16e22e

CVE-2016-9374 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.2.2+g9c5aae3-1 (bookworm) | 2016
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.
Scope: local bookworm: resolved (fixed in 2.2.2+g9c5aae3-1) bullseye:

CVE-2016-9375 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.2.2+g9c5aae3-1 (bookworm) | 2016
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
Scope: local bookworm: resolved (fixed in 2.2.2+g9c5aae3-1) bullseye: resolved (fixed in 2.2.2+g9c5aae3-1) forky: res

CVE-2016-5351 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.4+gdd7746e-1 (bookworm) | 2016
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.0.4+gdd7746e-1) bullseye: resolved (fixed in 2.0.4+gdd7746e-1) forky: res

CVE-2016-6512 | MEDIUM | CVSS 5.9 | PoC | fixed in wireshark 2.0.5+ga3be9c6-1 (bookworm) | 2016
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.
Scope: local bookworm: resolved (fixed in 2.0.5+ga3be9c6-1) bullseye: resolved (fixed in 2.0.5+ga3b

CVE-2016-5358 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.4+gdd7746e-1 (bookworm) | 2016
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local bookworm: resolved (fixed in 2.0.4+gdd7746e-1) bullseye: resolved (fixed in 2.0.4+gdd7746e-1) forky: resolved (fixed in 2.0.4

Debian Wireshark vulnerabilities | cvebase