Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:wireshark:wireshark:1.12.0
There are 108 matching records.
Displaying matches 101 through 108.
Vuln ID Summary CVSS Severity
CVE-2014-6430

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6429

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6428

The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6427

Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6426

The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6425

The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6424

The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6423

The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.

Published: September 20, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM