Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-01-04 CVE-2015-8721 Improper Input Validation vulnerability in Wireshark
Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.
local
low complexity
wireshark CWE-20
5.5
2016-01-04 CVE-2015-8720 Improper Input Validation vulnerability in Wireshark
The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5
2016-01-04 CVE-2015-8719 Improper Input Validation vulnerability in Wireshark
The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5
2016-01-04 CVE-2015-8718 Improper Input Validation vulnerability in Wireshark
Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5
2016-01-04 CVE-2015-8717 Improper Input Validation vulnerability in Wireshark
The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5
2016-01-04 CVE-2015-8716 Improper Input Validation vulnerability in Wireshark
The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5
2016-01-04 CVE-2015-8715 Improper Input Validation vulnerability in Wireshark
epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5
2016-01-04 CVE-2015-8714 Improper Input Validation vulnerability in Wireshark
The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5
2016-01-04 CVE-2015-8713 Improper Input Validation vulnerability in Wireshark
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5
2016-01-04 CVE-2015-8712 Improper Input Validation vulnerability in Wireshark
The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
local
low complexity
wireshark CWE-20
5.5