Total
637 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6428 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2014-6427 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. | |||||
CVE-2014-6426 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
CVE-2014-6425 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. | |||||
CVE-2014-6424 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. | |||||
CVE-2014-6423 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. | |||||
CVE-2014-6422 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. | |||||
CVE-2014-6431 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. | |||||
CVE-2014-6432 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2014-6421 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. | |||||
CVE-2014-6430 | 1 Wireshark | 1 Wireshark | 2014-11-05 | 5.0 MEDIUM | N/A |
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2014-4174 | 1 Wireshark | 1 Wireshark | 2014-06-19 | 9.3 HIGH | N/A |
wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. | |||||
CVE-2014-2907 | 1 Wireshark | 1 Wireshark | 2014-05-22 | 4.3 MEDIUM | N/A |
The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2013-7112 | 1 Wireshark | 1 Wireshark | 2014-04-18 | 5.0 MEDIUM | N/A |
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
CVE-2013-7114 | 1 Wireshark | 1 Wireshark | 2014-04-18 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. | |||||
CVE-2013-7113 | 1 Wireshark | 1 Wireshark | 2014-01-16 | 5.0 MEDIUM | N/A |
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2012-2394 | 1 Wireshark | 1 Wireshark | 2012-11-05 | 3.3 LOW | N/A |
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. |