Debian Wireshark vulnerabilities

CVE-2013-2480 [LOW] CVE-2013-2480: wireshark - The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before ... The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. Scope: local bookworm: resolved (fixed in 1.8.2-5) bullseye: resolved (fixed in 1.8.2-5) forky: resolved (fixed in 1.8.2-5) sid: resolved (fixed in 1.8.2-5) trixie: resolved (fixed in 1.8

CVE-2013-4081 [MEDIUM] CVE-2013-4081: wireshark - The http_payload_subdissector function in epan/dissectors/packet-http.c in the H... The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.10.0-1) b

CVE-2013-3561 [HIGH] CVE-2013-3561: wireshark - Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attacker... Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resol

CVE-2013-2481 [LOW] CVE-2013-2481: wireshark - Integer signedness error in the dissect_mount_dirpath_call function in epan/diss... Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. Scope: local bookworm: resolved (fixed in 1.8

CVE-2013-4079 [MEDIUM] CVE-2013-4079: wireshark - The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in th... The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.10.0-1) bullseye: resolved (fixed in 1.10.0-1) forky: resolved (fixed in 1.10

CVE-2013-2478 [LOW] CVE-2013-2478: wireshark - The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MM... The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a

CVE-2013-6339 [MEDIUM] CVE-2013-6339: wireshark - The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the O... The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.10.3-1) bullseye: resolved (fixed in 1.10.3-1) forky: resolved (fixed in 1.10.3-1) s

CVE-2013-1582 [LOW] CVE-2013-1582: wireshark - The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector... The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. Scope: local bookworm: resolved (fixed in 1.8.6-1) bullseye: resolv

CVE-2013-5719 [MEDIUM] CVE-2013-5719: wireshark - epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x bef... epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.10.2-1) bullseye: resolved (fixed in 1.10.2-1) forky: resolved (fixed in 1.10.2-1) sid: resolved (fixed in 1.10.2-1

CVE-2013-1578 [LOW] CVE-2013-1578: wireshark - The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wire... The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. Scope: local bookworm: resolved (fixed in 1.8.6-1) bullseye:

CVE-2013-3557 [MEDIUM] CVE-2013-3557: wireshark - The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER... The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Scope: local bookworm: resolved (fixed in 1.8.7-1) bullseye: resolv

CVE-2013-2484 [LOW] CVE-2013-2484: wireshark - The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow... The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Scope: local bookworm: resolved (fixed in 1.8.2-5) bullseye: resolved (fixed in 1.8.2-5) forky: resolved (fixed in 1.8.2-5) sid: resolved (fixed in 1.8.2-5) trixie: resolved (fixed in 1.8.2-5)

CVE-2013-1588 [LOW] CVE-2013-1588: wireshark - Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ET... Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. Scope: local bookworm: resolved (fixed in 1.8.6-1) bullseye: resolved (fixed in 1.8.6-1

CVE-2013-1572 [LOW] CVE-2013-1572: wireshark - The dissect_oampdu_event_notification function in epan/dissectors/packet-slowpro... The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Scope: local bookworm: resolved (f

CVE-2013-1587 [LOW] CVE-2013-1587: wireshark - The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC... The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Scope: local bookworm: resolved (fixed in 1.8.6-1) bullseye: resolved (fixed in 1.8.6-1) forky: reso

CVE-2013-2487 [MEDIUM] CVE-2013-2487: wireshark - epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELO... epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (

CVE-2013-1575 [LOW] CVE-2013-1575: wireshark - The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c i... The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Scope: local bookworm: resolved (fixed in 1.8.6-1) bullseye: resol

CVE-2013-4927 [HIGH] CVE-2013-4927: wireshark - Integer signedness error in the get_type_length function in epan/dissectors/pack... Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.10.1-1) bullseye: resolved (fixed in 1.10.1

CVE-2013-2482 [MEDIUM] CVE-2013-2482: wireshark - The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow... The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Scope: local bookworm: resolved (fixed in 1.8.6-1) bullseye: resolved (fixed in 1.8.6-1) forky: resolved (fixed in 1.8.6-1) sid: resolved (fixed in 1.8.6-1) trixie: resolved (fixed in 1.8.6-1)

CVE-2013-7112 [MEDIUM] CVE-2013-7112: wireshark - The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP disse... The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Scope: local bookworm: resolved (fixed in 1.10.4-1) bullseye: resolved (fixed in 1.10.4-1) for