Debian Wireshark vulnerabilities

CVE-2009-0601 [LOW] CVE-2009-0601: wireshark - Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows pla... Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. Scope: local bookworm: resolved (fixed in 1.0.6-1) bullseye: resolved (fixed in 1.0.6-1) forky: resolved (fixed in 1.0.6-1) sid: resolved (fixed in 1.0

CVE-2009-1829 [MEDIUM] CVE-2009-1829: wireshark - Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.... Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. Scope: local bookworm: resolved (fixed in 1.0.8-1) bullseye: resolved (fixed in 1.0.8-1) forky: resolved (fixed in 1.0.8-1) sid: resolved (fixed in 1.0.8-1) trixie: resolved (fixed in 1.0.8-1)

CVE-2009-2562 [MEDIUM] CVE-2009-2562: wireshark - Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 ... Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. Scope: local bookworm: resolved (fixed in 1.2.1-1) bullseye: resolved (fixed in 1.2.1-1) forky: resolved (fixed in 1.2.1-1) sid: resolved (fixed in 1.2.1-1) trixie: resolved (fixed in 1.2.1-1)

CVE-2009-3242 [MEDIUM] CVE-2009-3242: wireshark - Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2... Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. Scope: local bookworm: resolved (fixed in 1.2.2-1) bullseye: resolved (fixed in 1.2.2-1) forky:

CVE-2009-3241 [HIGH] CVE-2009-3241: wireshark - Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 th... Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. Scope: local bookworm: resolved (fixed in 1.2.2-1) bullseye: resolved (fixed in 1.2.2-1) forky: resolved (fixed in 1.2.2-

CVE-2009-3549 [MEDIUM] CVE-2009-3549: wireshark - packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on S... packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. Scope: local bookworm: resolved (fixed in 1.2.3-1) bullseye: resolved (fixed in 1.2.3-1) forky: resolved (fixed in 1.2.3-1) sid:

CVE-2009-1269 [MEDIUM] CVE-2009-1269: wireshark - Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attack... Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (fixed in 1.0.7-1)

CVE-2009-3551 [MEDIUM] CVE-2009-3551: wireshark - Off-by-one error in the dissect_negprot_response function in packet-smb.c in the... Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. Scope: local bookworm: resolved (fixed in 1.

CVE-2009-1268 [MEDIUM] CVE-2009-1268: wireshark - The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 ... The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. Scope: local bookworm: resolved (fixed in 1.0.7-1) bullseye: resolved (fixed in 1.0.7-1) forky: resolved (fixed in 1.0.7-1) sid: resolved (fixed in 1.0.7-1) trixie: resolved (

CVE-2008-3146 [CRITICAL] CVE-2008-3146: wireshark - Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal)... Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. Scope: local bookworm: resolved (fixed in 1.0.3-1) bullseye: resolved (fixed in 1.0.3-1) forky

CVE-2008-1072 [MEDIUM] CVE-2008-1072: wireshark - The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when r... The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. Scope: local bookworm: resolved (fixed in 0.99.8-1) bullseye: resolved (fixed in 0.99.8-1) forky: resolved (fixed i

CVE-2008-1561 [MEDIUM] CVE-2008-1561: wireshark - Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 thr... Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang. Scope: local bookworm: resolved (fixed in 1.0.0-1) bullseye: resolved (fixed in 1.0.0-1) f

CVE-2008-6472 [MEDIUM] CVE-2008-6472: wireshark - The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to... The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. Scope: local bookworm: resolved (fixed in 1.0.5-1) bullseye: resolved (fixed in 1.0.5-1) forky: resolved (fixed in 1.0.5-1) sid: resolved (fixed in 1.0.5-1) trixie: resolved (fixed in 1.0.5-1)

CVE-2008-4681 [MEDIUM] CVE-2008-4681: wireshark - Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 ... Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. Scope: local bookworm: resolved (fixed in 1.0.4-1) bullseye: resolved (fixed in 1.0.4-1) forky: resolved (fixed in 1.0.4-1) sid: resolved (fixed in 1.0.4-1) trixie: reso

CVE-2008-4680 [MEDIUM] CVE-2008-4680: wireshark - packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remot... packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). Scope: local bookworm: resolved (fixed in 1.0.4-1) bullseye: resolved (fixed in 1.0.4-1) forky: resolved (fixed in 1.0.4-1) sid: resolved (fixed in 1.0.4-1) trixie: resolved (

CVE-2008-3139 [MEDIUM] CVE-2008-3139: wireshark - The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows... The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. Scope: local bookworm: resolved (fixed in 1.0.1-1) bullseye: resolved (fixed in 1.0.1-1) forky: resolved (fixed in 1.0.1-1) sid: resolved (fixed in 1.0.1-1) tr

CVE-2008-1071 [MEDIUM] CVE-2008-1071: wireshark - The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows... The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. Scope: local bookworm: resolved (fixed in 0.99.8-1) bullseye: resolved (fixed in 0.99.8-1) forky: resolved (fixed in 0.99.8-1) sid: resolved (fixed in 0.99.8-1) trixie: resolved (fixed in 0.99.8-1)

CVE-2008-3933 [LOW] CVE-2008-3933: wireshark - Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a ... Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. Scope: local bookworm: resolved (fixed in 1.0.3-1) bullseye: resolved (fixed in 1.0.3-1) forky: resolved (fixed in 1.0.3-1) sid: resolved (fixed in 1.0.3-

CVE-2008-3145 [MEDIUM] CVE-2008-3145: wireshark - The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through ... The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. Scope: local bookworm: resolved (fixed in 1.0.2-1) bullseye: resolved (fixed in 1.0.2-1) forky: resol

CVE-2008-3141 [MEDIUM] CVE-2008-3141: wireshark - Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) ... Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. Scope: local bookworm: resolved (fixed in 1.0.1-1) bullseye: resolved (fixed in 1.0.1-1) forky: resolved (fixed in 1.0.1-1) sid: resolved (fixed in 1.0.1-1) trixie: resolved (fixed in 1.0.1-1)