Vulnerabilities > Wireshark > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-25 CVE-2016-4079 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.
network
high complexity
debian oracle wireshark CWE-119
5.9
2016-04-25 CVE-2016-4078 Improper Input Validation vulnerability in Wireshark
The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.
network
high complexity
wireshark CWE-20
5.9
2016-04-25 CVE-2016-4077 Unspecified vulnerability in Wireshark 2.0.0/2.0.1/2.0.2
epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
network
high complexity
wireshark
5.9
2016-04-25 CVE-2016-4076 Improper Access Control vulnerability in Wireshark 2.0.0/2.0.1/2.0.2
epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
high complexity
wireshark CWE-284
5.9
2016-04-25 CVE-2016-4006 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.
network
high complexity
wireshark CWE-119
5.9
2016-02-28 CVE-2016-2532 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
network
high complexity
wireshark CWE-119
5.9
2016-02-28 CVE-2016-2531 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.
network
high complexity
wireshark CWE-119
5.9
2016-02-28 CVE-2016-2530 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.
network
high complexity
wireshark CWE-119
5.9
2016-02-28 CVE-2016-2529 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark 2.0.0/2.0.1
The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
local
low complexity
wireshark CWE-119
5.5
2016-02-28 CVE-2016-2528 Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1
The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
network
high complexity
wireshark CWE-20
5.9