Debian Wireshark vulnerabilities
694 known vulnerabilities affecting debian/wireshark.
Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281
Vulnerabilities
Page 16 of 35
CVE-2016-5357 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.4+gdd7746e-1 (bookworm), 2016
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 2.0.4+gdd7746e-1)
bullseye: resolved (fixed in 2.0.4+gdd7746e-1)
forky: r
CVE-2016-6509 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.5+ga3be9c6-1 (bookworm), 2016
epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.5+ga3be9c6-1)
bullseye: resolved (fixed in 2.0.5+ga3be9c6-1)
forky: resolved (fixed i
CVE-2016-4417 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.2+ga16e22e-1 (bookworm), 2016
Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.
Scope: local
bookworm: resolved (fixed in 2.0.2+ga16e22e-1)
bullseye: reso
CVE-2016-4416 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.2+ga16e22e-1 (bookworm), 2016
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.2+ga16e22e-1)
bullseye: resolved (fixed in 2.0.2+ga16e22e-1)
forky: re
CVE-2016-6511 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.5+ga3be9c6-1 (bookworm), 2016
epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.5+ga3be9c6-1)
bullseye: resolved (fixed in 2.0.5+ga3be9c6-1)
forky: resolved (fixed in 2.0.5+ga3be9c6-1)
sid: resolved (fixed in 2.0.5+ga3be9c6-
CVE-2016-9376 [MEDIUM] CVSS 5.9, fixed in wireshark 2.2.2+g9c5aae3-1 (bookworm), 2016
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.
Scope: local
bookworm: resolved (fixed in 2.2.2+g9c5aae3-1)
bullseye: resolved (fixed in
CVE-2016-2531 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.2+ga16e22e-1 (bookworm), 2016
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.
Scope: local
bookworm: resolved (fixed in 2
CVE-2016-6507 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0 (bookworm), 2016
epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0)
bullseye: resolved (fixed in 2.0)
forky: resolved (fixed in 2.0)
sid: resolved (fixed in 2.0)
trixie: resolved (fixed in 2.0)
CVE-2016-4419 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.2+ga16e22e-1 (bookworm), 2016
epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.2+ga16e22e-1)
bullseye: resolved (fixed in 2.0.2+ga16e22e-1)
forky: resolved (fixed in 2.0.2+ga16e22e-1)
sid: reso
CVE-2016-6505 [MEDIUM] CVSS 5.9, PoC, fixed in wireshark 2.0.5+ga3be9c6-1 (bookworm), 2016
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.5+ga3be9c6-1)
bullseye: resolved (fixed in 2.0.5+ga3be9c6-1)
forky: resolved (fixed
CVE-2016-7180 [MEDIUM] CVSS 5.9, fixed in wireshark 2.2.0~rc1+g438c022-1 (bookworm), 2016
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.2.0~rc1+g438c022-1)
bullseye: resolved (fixed in 2.
CVE-2016-2522 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.2+ga16e22e-1 (bookworm), 2016
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.2+ga16e2
CVE-2016-5353 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.4+gdd7746e-1 (bookworm), 2016
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.4+gdd7746e-1)
bullseye: resolved (fixed in 2.0.4+gdd7746e-1)
forky: re
CVE-2016-4421 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.2+ga16e22e-1 (bookworm), 2016
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.
Scope: local
bookworm: resolved (fixed in 2.0.2+ga16e22e-1)
bullseye: resolved (fixed in 2.0.2
CVE-2016-5352 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.4+gdd7746e-1 (bookworm), 2016
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.4+gdd7746e-1)
bullseye: resolved (fixed in 2.0.4+gdd7746e-1)
forky: resolved (fixed in 2.0.4+gdd7746e-1)
CVE-2016-7177 [MEDIUM] CVSS 5.9, fixed in wireshark 2.2.0~rc1+g438c022-1 (bookworm), 2016
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.2.0~rc1+g438c022-1)
bullseye: resolved (fixed in 2.2
CVE-2016-2525 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.2+ga16e22e-1 (bookworm), 2016
epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.2+ga16e22e-1)
bullseye: resolved (fixed in 2.0.2+ga16e22e-1)
forky:
CVE-2016-2528 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.2+ga16e22e-1 (bookworm), 2016
The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.2+ga16e22e-1)
bullseye: resolved (
CVE-2016-9373 [MEDIUM] CVSS 5.9, fixed in wireshark 2.2.2+g9c5aae3-1 (bookworm), 2016
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.
Scope: local
bookworm: resolved (fixed in 2.2.2+g9c5aae3-1)
bul
CVE-2016-6513 [MEDIUM] CVSS 5.9, fixed in wireshark 2.0.5+ga3be9c6-1 (bookworm), 2016
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.5+ga3be9c6-1)
bullseye: resolved (fixed in 2.0.5+ga3be9c6-1)
forky: resolved (fixed in 2.0.5+ga3