Debian Wireshark vulnerabilities
694 known vulnerabilities affecting debian/wireshark.
Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281
Vulnerabilities
CVE-2015-6241 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.12.7+g7fc8978-1 (bookworm) | 2015
The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1
debian
CVE-2015-8738 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in
debian
CVE-2015-2191 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-4 (bookworm) | 2015
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
Scope: local
bookworm: resolved (fixed in 1.12.1+g01b65bf-4)
bullseye: resolved (fixed in 1.12.1
debian
CVE-2015-8728 | MEDIUM | CVSS 5.5 | PoC | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and applicati
debian
CVE-2015-2192 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-4 (bookworm) | 2015
Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
Scope: local
bookworm: resolved (fixed in 1.12.1+g01b65bf-4)
bullseye: resolved (fixed in 1.12.1+
debian
CVE-2015-3815 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.5+g5819e5b-1 (bookworm) | 2015
The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than C
debian
CVE-2015-2187 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-4 (bookworm) | 2015
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fi
debian
CVE-2015-2188 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-4 (bookworm) | 2015
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
Scope: local
bookworm: resolved (fixe
debian
CVE-2015-8715 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0.1+g59ea380-1)
forky: resolved (fixed in 2.0.1+g5
debian
CVE-2015-8732 | MEDIUM | CVSS 5.5 | PoC | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Scope: local
debian
CVE-2015-8735 | MEDIUM | CVSS 5.5 | PoC | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
b
debian
CVE-2015-8726 | MEDIUM | CVSS 5.5 | PoC | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bull
debian
CVE-2015-2189 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.1+g01b65bf-4 (bookworm) | 2015
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
Scope: local
bookworm: resolved (fixe
debian
CVE-2015-8721 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0.1+g59ea380-1)
forky: resolved
debian
CVE-2015-4651 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.6+gee1fce6-1 (bookworm) | 2015
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (
debian
CVE-2015-8723 | MEDIUM | CVSS 5.5 | PoC | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Scope: l
debian
CVE-2015-8731 | MEDIUM | CVSS 5.5 | PoC | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
debian
CVE-2015-8733 | MEDIUM | CVSS 5.5 | PoC | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
Scope: local
debian
CVE-2015-3813 | MEDIUM | CVSS 5.0 | fixed in wireshark 1.12.5+g5819e5b-1 (bookworm) | 2015
The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 1.1
debian
CVE-2015-8719 | MEDIUM | CVSS 5.5 | fixed in wireshark 2.0.1+g59ea380-1 (bookworm) | 2015
The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0.1+g59ea380
debian