Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:wireshark:wireshark:1.10.2
There are 53 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2014-8712

The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: November 22, 2014; 9:59:03 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8711

Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.

Published: November 22, 2014; 9:59:02 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8710

The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Published: November 22, 2014; 9:59:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6432

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6431

Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6430

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6429

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6428

The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6427

Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6424

The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6423

The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6422

The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6421

Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-5165

The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.

Published: August 01, 2014; 7:13:10 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-5164

The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: August 01, 2014; 7:13:10 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-5163

The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: August 01, 2014; 7:13:10 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-5162

The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet.

Published: August 01, 2014; 7:13:10 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-5161

The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.

Published: August 01, 2014; 7:13:10 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4174

wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.

Published: June 18, 2014; 12:55:08 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2014-4020

The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: June 18, 2014; 12:55:08 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM