Wireshark

Wireshark

748 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.17%
  • Veröffentlicht 12.10.2018 06:29:01
  • Zuletzt bearbeitet 21.11.2024 03:55:33

In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.

  • EPSS 3.12%
  • Veröffentlicht 12.10.2018 06:29:01
  • Zuletzt bearbeitet 21.11.2024 03:55:34

In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.

  • EPSS 2.88%
  • Veröffentlicht 12.10.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:33

In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.

  • EPSS 3.38%
  • Veröffentlicht 30.08.2018 01:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:00

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.

  • EPSS 3.45%
  • Veröffentlicht 30.08.2018 01:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:00

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.

  • EPSS 3.46%
  • Veröffentlicht 30.08.2018 01:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:01

In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.

  • EPSS 1.2%
  • Veröffentlicht 20.07.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:03

In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

  • EPSS 3.52%
  • Veröffentlicht 19.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:51

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

Exploit
  • EPSS 3.45%
  • Veröffentlicht 19.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:51

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.

  • EPSS 3.67%
  • Veröffentlicht 19.07.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:51

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.