Debian Wireshark vulnerabilities
694 known vulnerabilities affecting debian/wireshark.
Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281
Vulnerabilities
Page 18 of 35
CVE-2015-3810 [HIGH] CVSS 7.8, fixed in wireshark 1.12.5+g5819e5b-1 (bookworm), 2015
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.5+g5819e5b-1)
bullseye: resolved (fixed in 1.12.5+g5819e5b-1)
forky: resolved (fixed in 1.12.5+g58

CVE-2015-8720 [MEDIUM] CVSS 5.5, fixed in wireshark 2.0.1+g59ea380-1 (bookworm), 2015
The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: re

CVE-2015-0561 [MEDIUM] CVSS 5.0, fixed in wireshark 1.12.1+g01b65bf-3 (bookworm), 2015
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.1+g01b65bf-3)
bullseye: resolved (fixed in 1.12

CVE-2015-8734 [MEDIUM] CVSS 5.5, fixed in wireshark 2.0.1+g59ea380-1 (bookworm), 2015
The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0.1+g59ea380-1)
forky: resolved (fix

CVE-2015-3182 [MEDIUM] CVSS 5.5, fixed in wireshark 1.12.0~rc1-1 (bookworm), 2015
epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.0~rc1-1)
bullseye: resolved (fixed in 1.12.0~rc1-1)
forky: resolved (fixe

CVE-2015-3906 [MEDIUM] CVSS 5.0, fixed in wireshark 1.12.5+g5819e5b-1 (bookworm), 2015
The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815.
Scope: local
b

CVE-2015-8725 [MEDIUM] CVSS 5.5, PoC, fixed in wireshark 2.0.1+g59ea380-1 (bookworm), 2015
The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Scope: local
book

CVE-2015-7830 [MEDIUM] CVSS 4.3, fixed in wireshark 1.12.8+g5b6e543-1 (bookworm), 2015
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.
Scope: local
bookworm: resolved (fixed in 1.12.

CVE-2015-8742 [MEDIUM] CVSS 5.5, fixed in wireshark 2.0.1+g59ea380-1 (bookworm), 2015
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fi

CVE-2015-0564 [MEDIUM] CVSS 5.0, fixed in wireshark 1.12.1+g01b65bf-3 (bookworm), 2015
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.
Scope: local
bookworm: resolved (fixed in 1.12.1+g01b65bf-

CVE-2015-8712 [MEDIUM] CVSS 5.5, fixed in wireshark 2.0.1+g59ea380-1 (bookworm), 2015
The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.

CVE-2015-8727 [MEDIUM] CVSS 5.5, PoC, fixed in wireshark 2.0.1+g59ea380-1 (bookworm), 2015
The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380

CVE-2015-6247 [MEDIUM] CVSS 4.3, fixed in wireshark 1.12.7+g7fc8978-1 (bookworm), 2015
The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.7+g7fc8978-1)
bullseye: resolved (fixe

CVE-2015-8739 [MEDIUM] CVSS 5.5, PoC, fixed in wireshark 2.0.1+g59ea380-1 (bookworm), 2015
The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (f

CVE-2015-4652 [MEDIUM] CVSS 4.3, fixed in wireshark 1.12.6+gee1fce6-1 (bookworm), 2015
epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.
Scope: local
bookworm: resolved (fixed in 1.12.6+gee1fce6-1)
bull

CVE-2015-6242 [MEDIUM] CVSS 4.3, fixed in wireshark 1.12.7+g7fc8978-1 (bookworm), 2015
The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operati

CVE-2015-6244 [MEDIUM] CVSS 4.3, fixed in wireshark 1.12.7+g7fc8978-1 (bookworm), 2015
The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.7+g7fc8978-1)
bullseye:

CVE-2015-8718 [MEDIUM] CVSS 5.5, fixed in wireshark 2.0.1+g59ea380-1 (bookworm), 2015
Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye

CVE-2015-3811 [MEDIUM] CVSS 5.0, fixed in wireshark 1.12.5+g5819e5b-1 (bookworm), 2015
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.
Scope: local
bookworm: resolved (fixed in 1.12.5+g5819e5b-1)

CVE-2015-8736 [MEDIUM] CVSS 5.5, PoC, fixed in wireshark 2.0.1+g59ea380-1 (bookworm), 2015
The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2