Debian Wireshark vulnerabilities

694 known vulnerabilities affecting debian/wireshark.

Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281

Vulnerabilities

CVE-2016-9372 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.2.2+g9c5aae3-1 (bookworm) | 2016
CVE-2016-9372 [MEDIUM]: wireshark - In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.
Scope: local
bookworm: resolved (fixed in 2.2.2+g9c5aae3-1); bullseye: resolved (fixed in 2.2.2+g9c5aae3-1); forky: resolved (fixed in
debian
CVE-2016-4085 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.0~rc2+g74e5b56-1 (bookworm) | 2016
CVE-2016-4085 [MEDIUM]: wireshark - Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.
Scope: local
bookworm: resolved (fixed in 2.0.0~rc2+g74e5b56-1); bullseye: resolved (fixed in 2.0.0
debian
CVE-2016-6504 | MEDIUM | CVSS 5.9 | PoC | fixed in wireshark 2.0 (bookworm) | 2016
CVE-2016-6504 [MEDIUM]: wireshark - epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0); bullseye: resolved (fixed in 2.0); forky: resolve
debian
CVE-2016-2526 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.2+ga16e22e-1 (bookworm) | 2016
CVE-2016-2526 [MEDIUM]: wireshark - epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.2+ga16e22e-1); bullseye: resolved (fixed in 2.0.2+ga16e22e-1); forky: resolve
debian
CVE-2016-6510 | MEDIUM | CVSS 5.9 | fixed in wireshark 2.0.5+ga3be9c6-1 (bookworm) | 2016
CVE-2016-6510 [MEDIUM]: wireshark - Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.5+ga3be9c6-1); bullseye: resolved (fixed in 2.0.5+ga3be9c6-1); forky:
debian
CVE-2016-4084 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4084 [MEDIUM]: wireshark - Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.
Scope: local
bookworm: resolved (fixed in 2.0.3+geed34f0-1); bullseye: resolved (fixed in 2.0.3+g
debian
CVE-2016-6503 | LOW | CVSS 5.9 | PoC | 2016
CVE-2016-6503 [MEDIUM]: wireshark - The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2016-4081 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4081 [MEDIUM]: wireshark - epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.3+geed34f0-1); bullseye: resolved (fixed in 2.0.3+geed34f0-1); forky: resolved
debian
CVE-2016-4082 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4082 [MEDIUM]: wireshark - epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.3+geed34f0-1); bullseye: resolved
debian
CVE-2016-4083 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4083 [MEDIUM]: wireshark - epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.3+geed34f0-1); bullseye: resolved (fixed in 2.0.3+geed34f0-1); forky:
debian
CVE-2016-4006 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4006 [MEDIUM]: wireshark - epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.3+geed34f0-1); bullseye: resolved (fixed in 2.0.3+geed34f0-1); forky: resolved (f
debian
CVE-2016-4079 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4079 [MEDIUM]: wireshark - epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.3+geed34f0-1); bullseye: resolved (fixed in 2.0.3+gee
debian
CVE-2016-2521 | LOW | CVSS 7.8 | 2016
CVE-2016-2521 [HIGH]: wireshark - Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
Scope: local
bookworm: resolved; bullseye: resolved; fo
debian
CVE-2016-4080 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4080 [MEDIUM]: wireshark - epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.3+geed34f0-1); bullseye: resolved (fixed in 2.0.3+geed34f0-
debian
CVE-2016-4076 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4076 [MEDIUM]: wireshark - epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.3+geed34f0-1); bullseye: resolved (fixed in 2.0.3+geed34f0-1); forky: resolv
debian
CVE-2016-4078 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4078 [MEDIUM]: wireshark - The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.
Scope: local
bookworm: resolved (fixe
debian
CVE-2016-4077 | LOW | CVSS 5.9 | fixed in wireshark 2.0.3+geed34f0-1 (bookworm) | 2016
CVE-2016-4077 [MEDIUM]: wireshark - epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.3+geed34f0-1); bullseye: resolved (fixed in 2.0.3+geed34f0-1); for
debian
CVE-2015-3809 | HIGH | CVSS 7.8 | fixed in wireshark 1.12.5+g5819e5b-1 (bookworm) | 2015
CVE-2015-3809 [HIGH]: wireshark - The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.5+g5819e5b-1); bullseye: resolved (fixed in 1.12.5+g5819e5b-1
debian
CVE-2015-3808 | HIGH | CVSS 7.8 | fixed in wireshark 1.12.5+g5819e5b-1 (bookworm) | 2015
CVE-2015-3808 [HIGH]: wireshark - The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.5+g5819e5b-1); bullseye: resolved (fixed in 1.12.5+g5819e5b-1); forky: reso
debian
CVE-2015-3812 | HIGH | CVSS 7.8 | fixed in wireshark 1.12.5+g5819e5b-1 (bookworm) | 2015
CVE-2015-3812 [HIGH]: wireshark - Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.5+g5819e5b-1); bullseye: resolved (fixed in 1.12.5+g5819e5
debian