Debian Wireshark vulnerabilities

694 known vulnerabilities affecting debian/wireshark.

Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281

Vulnerabilities

Page 29 of 35
CVE-2011-1591 | CRITICAL | CVSS 9.3 | PoC | fixed in wireshark 1.4.5-1 (bookworm) | 2011
CVE-2011-1591 [CRITICAL] wireshark: Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
Scope: local; bookworm: resolved (fixed in 1.4.5-1); bullseye: resolved (fixed in 1.4.5-1); forky: resolved (fixed in 1.4.5-1); sid: resolved (fixed in 1.4.5-1); trixie: resolved
debian
CVE-2011-0444 | CRITICAL | CVSS 10.0 | fixed in wireshark 1.2.11-6 (bookworm) | 2011
CVE-2011-0444 [CRITICAL] wireshark: Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
Scope: local; bookworm: resolved (fixed in 1.2.11-6); bullseye: resolved (fixed in 1.2.11-6); forky: resolve
debian
CVE-2011-0024 | CRITICAL | CVSS 9.3 | fixed in wireshark 1.2-0-1 (bookworm) | 2011
CVE-2011-0024 [CRITICAL] wireshark: Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.
Scope: local; bookworm: resolved (fixed in 1.2-0-1); bullseye: resolved (fixed in 1.2-0-1); forky: resolved (fixed in 1.2-0-1); sid: resolved (fixed in 1.2-0-1)
debian
CVE-2011-4102 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.6.3-1 (bookworm) | 2011
CVE-2011-4102 [MEDIUM] wireshark: Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file.
Scope: local; bookworm: resolved (fixed in 1.6.3-1); bullseye: resolved (fixed in 1.6.3-1); forky: resolved (fixed in 1
debian
CVE-2011-2174 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.6.0-1 (bookworm) | 2011
CVE-2011-2174 [MEDIUM] wireshark: Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression.
Scope: local; bookworm: resolved (fixed in 1.6.0-1); bullseye: resolved (fixed in 1.6.0-1); forky: resolv
debian
CVE-2011-0713 | MEDIUM | CVSS 6.8 | fixed in wireshark 1.4.4-1 (bookworm) | 2011
CVE-2011-0713 [MEDIUM] wireshark: Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.
Scope: local; bookworm: resolved (fixed in 1.4.4-1); bullseye: resolved (fixed in 1.4.4-1); forky: r
debian
CVE-2011-1138 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.4.4-1 (bookworm) | 2011
CVE-2011-1138 [MEDIUM] wireshark: Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet.
Scope: local; bookworm: resolved (fixed in 1.4.4-1); bullseye: resolved (fixed in 1.4.4-1); forky: resolved (fixed in 1.4.4-1); sid:
debian
CVE-2011-4100 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.6.3-1 (bookworm) | 2011
CVE-2011-4100 [MEDIUM] wireshark: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Scope: local; bookworm: resolved (fixed in 1.6.3-1); bullseye: resolved (fixed in 1.6.3-1); forky: resolve
debian
CVE-2011-3482 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.6.2-1 (bookworm) | 2011
CVE-2011-3482 [MEDIUM] wireshark: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Scope: local; bookworm: resolved (fixed in 1.6.2-1); bullseye: resolved (fixed in 1.6.2-1); forky:
debian
CVE-2011-3483 | MEDIUM | CVSS 4.3 | PoC | fixed in wireshark 1.6.2-1 (bookworm) | 2011
CVE-2011-3483 [MEDIUM] wireshark: Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."
Scope: local; bookworm: resolved (fixed in 1.6.2-1); bullseye: resolved (fixed in 1.6.2-1); forky: resolved (fixed in 1.6.2-1); sid: resolved (fi
debian
CVE-2011-3484 | MEDIUM | CVSS 4.3 | fixed in wireshark 1.6.2-1 (bookworm) | 2011
CVE-2011-3484 [MEDIUM] wireshark: The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.
Scope: local; bookworm: resolved (fixed in 1.6.2-1); bullseye: resolved (fixed in 1.
debian
CVE-2011-1592 | LOW | CVSS 4.3 | 2011
CVE-2011-1592 [MEDIUM] wireshark: The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resol
debian
CVE-2011-1143 | LOW | CVSS 4.3 | PoC | fixed in wireshark 1.4.4-1 (bookworm) | 2011
CVE-2011-1143 [MEDIUM] wireshark: epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
Scope: local; bookworm: resolved (fixed in 1.4.4-1); bullseye: resolved (fixed in 1.4.4-1); forky: resolved (fixed in 1.4.4-1); sid: resolved (fixed in 1.4.4-
debian
CVE-2011-3266 | LOW | CVSS 2.6 | fixed in wireshark 1.6.2-1 (bookworm) | 2011
CVE-2011-3266 [LOW] wireshark: The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.
Scope: local; bookworm: resolved (fixed in 1.6.2-1); bullseye: resolved (fixed in 1
debian
CVE-2011-2698 | LOW | CVSS 4.3 | fixed in wireshark 1.6.1-1 (bookworm) | 2011
CVE-2011-2698 [MEDIUM] wireshark: Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.
Scope: local; bookworm: resolved (fixed in 1.6.1-1); bullseye: resolved (fixed in 1.6.1-1); forky: resolved (fi
debian
CVE-2011-1958 | LOW | CVSS 4.3 | fixed in wireshark 1.6.0-1 (bookworm) | 2011
CVE-2011-1958 [MEDIUM] wireshark: Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file.
Scope: local; bookworm: resolved (fixed in 1.6.0-1); bullseye: resolved (fixed in 1.6.0-1); forky: resolved (fixed in 1.6.0-1); sid: resolved (fixed in 1.6.0-1)
debian
CVE-2011-1957 | LOW | CVSS 4.3 | fixed in wireshark 1.6.0-1 (bookworm) | 2011
CVE-2011-1957 [MEDIUM] wireshark: The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length.
Scope: local; bookworm: resolved (fixed in 1.6.0-1); bullseye: resolved (fixed in 1.6.0-1); forky: resolved (fixed in 1.6.0-1); sid:
debian
CVE-2011-0538 | LOW | CVSS 6.8 | PoC | fixed in wireshark 1.4.3-3 (bookworm) | 2011
CVE-2011-0538 [MEDIUM] wireshark: Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.
Scope: local; bookworm: resolved (fixed in 1.4.3-3); bullseye: resolved (f
debian
CVE-2011-3360 | LOW | CVSS 9.3 | PoC | fixed in wireshark 1.6.2-1 (bookworm) | 2011
CVE-2011-3360 [CRITICAL] wireshark: Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
Scope: local; bookworm: resolved (fixed in 1.6.2-1); bullseye: resolved (fixed in 1.6.2-1); forky: resolved (fixed in 1.6.2-1); sid: resolved (fixed in 1.6.2-1); trixie: resolved (f
debian
CVE-2011-2597 | LOW | CVSS 4.3 | fixed in wireshark 1.6.1-1 (bookworm) | 2011
CVE-2011-2597 [MEDIUM] wireshark: The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.
Scope: local; bookworm: resolved (fixed in 1.6.1-1); bullseye: resolved (fixed in 1.6.1-1); forky: resolved (fixed in 1.6.1-1); sid: resolved (fixed in 1.6.1-1); trixie: resolved (fixe
debian