Wireshark

Wireshark

685 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2018-16056

  • EPSS 0.53%
  • Veröffentlicht 30.08.2018 01:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:00

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.

7.5

CVE-2018-16057

  • EPSS 1.28%
  • Veröffentlicht 30.08.2018 01:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:00

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.

7.5

CVE-2018-16058

  • EPSS 1.05%
  • Veröffentlicht 30.08.2018 01:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:01

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.

7.5

CVE-2018-14438

  • EPSS 0.12%
  • Veröffentlicht 20.07.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:03

In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

7.5

CVE-2018-14339

  • EPSS 1.72%
  • Veröffentlicht 19.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:51

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

7.5

CVE-2018-14340

Exploit
  • EPSS 1.09%
  • Veröffentlicht 19.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:51

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.

7.8

CVE-2018-14341

  • EPSS 1.34%
  • Veröffentlicht 19.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:51

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.

7.8

CVE-2018-14342

  • EPSS 1.34%
  • Veröffentlicht 19.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:51

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.

7.5

CVE-2018-14343

  • EPSS 0.58%
  • Veröffentlicht 19.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:52

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.

7.5

CVE-2018-14344

  • EPSS 0.57%
  • Veröffentlicht 19.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:52

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.