Debian Wireshark vulnerabilities
694 known vulnerabilities affecting debian/wireshark.
Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281
Vulnerabilities
Page 19 of 35
CVE-2015-8741 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0.1+g59ea380
debian
CVE-2015-8716 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0.1+g59ea3
debian
CVE-2015-2190 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-4 (bookworm) | 2015
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.
Scope: local
bookworm: resolved (fixed in 1.12.1+g01b65bf-4)
bullseye: res
debian
CVE-2015-8729 | MEDIUM | CVSS 5.5 | PoC | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
Scope: local
bookworm: resolved (f
debian
CVE-2015-6245 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.12.7+g7fc8978-1 (bookworm) | 2015
epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.7+g7fc8978-1)
bullseye: resolved (fixed in 1.12.7+g7fc8978-1)
forky: resolved (fixed in
debian
CVE-2015-6246 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.12.7+g7fc8978-1 (bookworm) | 2015
The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.7+g7fc8978-1)
bullseye: resolved (fixed in 1.12.7+g7fc8978
debian
CVE-2015-8714 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0
debian
CVE-2015-0560 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-3 (bookworm) | 2015
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.1+g01b65bf
debian
CVE-2015-8740 | MEDIUM | CVSS 5.3 | PoC | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bul
debian
CVE-2015-0563 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-3 (bookworm) | 2015
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.1+g01b65bf-3)
bullseye: resolved (fix
debian
CVE-2015-0559 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-3 (bookworm) | 2015
Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
Scope: local
bookworm: resolved (fixed in 1.
debian
CVE-2015-6249 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.12.7+g7fc8978-1 (bookworm) | 2015
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12
debian
CVE-2015-0562 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-3 (bookworm) | 2015
Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
Scope: local
bookwo
debian
CVE-2015-8737 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0.1+g59ea380-1)
forky:
debian
CVE-2015-8722 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2
debian
CVE-2015-8711 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2
debian
CVE-2015-6248 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.12.7+g7fc8978-1 (bookworm) | 2015
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.12.7+g7fc8978-1)
bullseye: resolved (fixed in 1
debian
CVE-2015-8717 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0.1+g59ea380-1
debian
CVE-2015-3814 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.5+g5819e5b-1 (bookworm) | 2015
The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: l
debian
CVE-2015-8713 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fix
debian