Debian Wireshark vulnerabilities

CVE-2015-8730 [MEDIUM] CVE-2015-8730: wireshark - epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1... epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. Scope: local bookworm: resolved (fixed in 2.0.1+g59ea380-1) bullseye: resolved (fixed in 2

CVE-2015-6243 [MEDIUM] CVE-2015-6243: wireshark - The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1... The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. Scope: local bookworm: resolved

CVE-2015-8724 [MEDIUM] CVE-2015-8724: wireshark - The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.... The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. Scope: local bookworm: resolved (fixed in 2.0.

CVE-2014-4174 [CRITICAL] CVE-2014-4174: wireshark - wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 a... wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. Scope: local bookworm: resolved (fixed in 1.10.4-1) bullseye: resolved (fixed in 1.10.4-1) forky: reso

CVE-2014-2299 [CRITICAL] CVE-2014-2299: wireshark - Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser i... Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. Scope: local bookworm: resolved (fixed in 1.10.6-1) bullseye: resolved (fixed in 1.10.6-1) fork

CVE-2014-4020 [MEDIUM] CVE-2014-4020: wireshark - The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadi... The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Scope: local bookworm: resolved (f

CVE-2014-5163 [MEDIUM] CVE-2014-5163: wireshark - The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/di... The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Scope: local bookworm: resolved (f

CVE-2014-8710 [MEDIUM] CVE-2014-8710: wireshark - The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UD... The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.12.1+g01b65bf-2) bullseye: resolved (fixed in 1.12.1+g01b65bf-2) forky: resolv

CVE-2014-6421 [MEDIUM] CVE-2014-6421: wireshark - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.1... Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. Scope: local bookworm: resolved (fixed in 1.12.0~rc1-1) bullseye: resolved (fixed in 1.12.0~rc1-1) forky: resolve

CVE-2014-5165 [MEDIUM] CVE-2014-5165: wireshark - The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c i... The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.12.0+git+4fab41a1

CVE-2014-6426 [MEDIUM] CVE-2014-6426: wireshark - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissecto... The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.12.1+g01b65bf-1) bullseye: resolved (fixed in 1.12.1+g01b65bf-1) forky:

CVE-2014-6431 [MEDIUM] CVE-2014-6431: wireshark - Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the ... Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. Scope: local bookworm: resolve

CVE-2014-6427 [MEDIUM] CVE-2014-6427: wireshark - Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/pac... Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. Scope: local boo

CVE-2014-5164 [MEDIUM] CVE-2014-5164: wireshark - The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector ... The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.12.0+git+4fab41a1-1) bullseye: resol

CVE-2014-8713 [MEDIUM] CVE-2014-8713: wireshark - Stack-based buffer overflow in the build_expert_data function in epan/dissectors... Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.12.1+g01b65bf-2) bullseye: resolved (fixed in

CVE-2014-2907 [MEDIUM] CVE-2014-2907: wireshark - The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissect... The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.10.7-1) bullseye: resolved (fixed in 1.10.7-1) forky: r

CVE-2014-6422 [MEDIUM] CVE-2014-6422: wireshark - The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtable... The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. Scope: local bookworm: resolved (fixed in 1.12.0+git+4fab41a1-1) bullseye: resolved (fixed in 1.12.0+git+4fab41a1-1) forky: resolved (fixed i

CVE-2014-2282 [MEDIUM] CVE-2014-2282: wireshark - The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in... The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. Scope: local bookworm: resolved (fixed in 1.10.6-1) bullseye: resolved (fixed in 1.10.6

CVE-2014-6430 [MEDIUM] CVE-2014-6430: wireshark - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file pa... The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Scope: local bookworm: resolved (fixed in 1.12.1+g01b65bf-1) bullseye: resolved (fixed in

CVE-2014-6429 [MEDIUM] CVE-2014-6429: wireshark - The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file pa... The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Scope: local bookworm: resolved (fixed in 1.12.1+g01b65bf-1) bullseye: resolved