nessus
via4
|
NASL family | Windows | NASL id | WIRESHARK_2_2_7.NASL | description | The version of Wireshark installed on the remote Windows host is 2.0.x
prior to 2.0.13 or 2.2.x prior to 2.2.7. It is, therefore, affected by
multiple denial of service vulnerabilities :
- A NULL pointer dereference flaw exists in the
dissect_msnip() function within file
epan/dissectors/packet-msnip.c due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. (CVE-2017-9343)
- A divide-by-zero error exists in the
dissect_connparamrequest() function within file
epan/dissectors/packet-btl2cap.c due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. (CVE-2017-9344)
- An infinite loop condition exists in the
expand_dns_name() function within file
epan/dissectors/packet-dns.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9345)
- An infinite loop condition exists in the
dissect_slsk_pdu() function within file
epan/dissectors/packet-slsk.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9346)
- A NULL pointer dereference flaw exists in the
ros_try_string() function within file
epan/dissectors/asn1/ros/packet-ros-template.c due to
improper validation of user-supplied input passed as an
OID string. An unauthenticated, remote attacker can
exploit this, via a specially crafted packet or packet
trace file, to cause a denial of service condition. This
issue only affects version 2.2.x. (CVE-2017-9347)
- An out-of-bounds read error exists in the
OALMarshal_UncompressValue() function within file
epan/dissectors/packet-dof.c when handling Distributed
Object Framework (DOF) packets. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. This issue only affects version
2.2.x. (CVE-2017-9348)
- An infinite loop condition exists in the
dissect_dcm_pdu_data() function within file
epan/dissectors/packet-dcm.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9349)
- A memory allocation issue exists in the
dissect_opensafety_ssdo_message() function within file
epan/dissectors/packet-opensafety.c due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. (CVE-2017-9350)
- An out-of-bounds read error exists in the bootp_option()
function within file epan/dissectors/packet-bootp.c when
handling vendor class identifier strings in bootp
packets due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this, via a specially crafted packet or packet trace
file, to cause a denial of service condition.
(CVE-2017-9351)
- An infinite loop condition exists in the
get_bzr_pdu_len() function within file
epan/dissectors/packet-bzr.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9352)
- A NULL pointer dereference flaw exists in the
dissect_routing6_rpl() function within file
epan/dissectors/packet-ipv6.c due to improper validation
of user-supplied input. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet or packet trace file, to cause a denial of
service condition. This issue only affects version
2.2.x. (CVE-2017-9353)
- A NULL pointer dereference flaw exists in the
dissect_rgmp() function within file
epan/dissectors/packet-rgmp.c due to improper validation
of user-supplied input. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet or packet trace file, to cause a denial of
service condition. (CVE-2017-9354)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number. | last seen | 2019-01-16 | modified | 2018-08-07 | plugin id | 100671 | published | 2017-06-07 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=100671 | title | Wireshark 2.0.x < 2.0.13 / 2.2.x < 2.2.7 Multiple DoS |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2017-1664-1.NASL | description | The network analysis tool wireshark was updated to version 2.0.13 to
fix the following issues :
- CVE-2017-9352: Bazaar dissector infinite loop
(wnpa-sec-2017-22) (bsc#1042304)
- CVE-2017-9348: DOF dissector read overflow
(wnpa-sec-2017-23) (bsc#1042303)
- CVE-2017-9351: DHCP dissector read overflow
(wnpa-sec-2017-24) (bsc#1042302)
- CVE-2017-9346: SoulSeek dissector infinite loop
(wnpa-sec-2017-25) (bsc#1042301)
- CVE-2017-9345: DNS dissector infinite loop
(wnpa-sec-2017-26) (bsc#1042300)
- CVE-2017-9349: DICOM dissector infinite loop
(wnpa-sec-2017-27) (bsc#1042305)
- CVE-2017-9350: openSAFETY dissector memory exh..
(wnpa-sec-2017-28) (bsc#1042299)
- CVE-2017-9344: BT L2CAP dissector divide by zero
(wnpa-sec-2017-29) (bsc#1042298)
- CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30)
(bsc#1042309)
- CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31)
(bsc#1042308)
- CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32)
(bsc#1042307)
- CVE-2017-9353: wireshark: IPv6 dissector crash
(wnpa-sec-2017-33) (bsc#1042306)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-30 | plugin id | 101043 | published | 2017-06-26 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=101043 | title | SUSE SLES11 Security Update : wireshark (SUSE-SU-2017:1664-1) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2017-1663-1.NASL | description | The network debugging tool wireshark was updated to version 2.2.7 to
fix the following issues :
- CVE-2017-9352: Bazaar dissector infinite loop
(wnpa-sec-2017-22) (bsc#1042304)
- CVE-2017-9348: DOF dissector read overflow
(wnpa-sec-2017-23) (bsc#1042303)
- CVE-2017-9351: DHCP dissector read overflow
(wnpa-sec-2017-24) (bsc#1042302)
- CVE-2017-9346: SoulSeek dissector infinite loop
(wnpa-sec-2017-25) (bsc#1042301)
- CVE-2017-9345: DNS dissector infinite loop
(wnpa-sec-2017-26) (bsc#1042300)
- CVE-2017-9349: DICOM dissector infinite loop
(wnpa-sec-2017-27) (bsc#1042305)
- CVE-2017-9350: openSAFETY dissector memory exh..
(wnpa-sec-2017-28) (bsc#1042299)
- CVE-2017-9344: BT L2CAP dissector divide by zero
(wnpa-sec-2017-29) (bsc#1042298)
- CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30)
(bsc#1042309)
- CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31)
(bsc#1042308)
- CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32)
(bsc#1042307)
- CVE-2017-9353: wireshark: IPv6 dissector crash
(wnpa-sec-2017-33) (bsc#1042306)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-30 | plugin id | 101042 | published | 2017-06-26 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=101042 | title | SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2017:1663-1) |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2017-674.NASL | description | This update for wireshark fixes minor vulnerabilities that could be
used to trigger dissector crashes, infinite loops, or cause excessive
use of CPU resources by making Wireshark read specially crafted
packages from the network or a capture file :
- CVE-2017-9352: Bazaar dissector infinite loop
(boo#1042304)
- CVE-2017-9348: DOF dissector read overflow (boo#1042303)
- CVE-2017-9351: DHCP dissector read overflow
(boo#1042302)
- CVE-2017-9346: SoulSeek dissector infinite loop
(boo#1042301)
- CVE-2017-9345: DNS dissector infinite loop (boo#1042300)
- CVE-2017-9349: DICOM dissector infinite loop
(boo#1042305)
- CVE-2017-9350: openSAFETY dissector memory exhaustion
(boo#1042299)
- CVE-2017-9344: BT L2CAP dissector divide by zero
(boo#1042298)
- CVE-2017-9343: MSNIP dissector crash (boo#1042309)
- CVE-2017-9347: ROS dissector crash (boo#1042308)
- CVE-2017-9354: RGMP dissector crash (boo#1042307)
- CVE-2017-9353: IPv6 dissector crash (boo#1042306) | last seen | 2019-01-16 | modified | 2018-01-26 | plugin id | 100752 | published | 2017-06-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=100752 | title | openSUSE Security Update : wireshark (openSUSE-2017-674) |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_WIRESHARK_2_2_7.NASL | description | The version of Wireshark installed on the remote macOS or Mac OS X
host is 2.0.x prior to 2.0.13 or 2.2.x prior to 2.2.7. It is,
therefore, affected by multiple denial of service vulnerabilities :
- A NULL pointer dereference flaw exists in the
dissect_msnip() function within file
epan/dissectors/packet-msnip.c due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. (CVE-2017-9343)
- A divide-by-zero error exists in the
dissect_connparamrequest() function within file
epan/dissectors/packet-btl2cap.c due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. (CVE-2017-9344)
- An infinite loop condition exists in the
expand_dns_name() function within file
epan/dissectors/packet-dns.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9345)
- An infinite loop condition exists in the
dissect_slsk_pdu() function within file
epan/dissectors/packet-slsk.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9346)
- A NULL pointer dereference flaw exists in the
ros_try_string() function within file
epan/dissectors/asn1/ros/packet-ros-template.c due to
improper validation of user-supplied input passed as an
OID string. An unauthenticated, remote attacker can
exploit this, via a specially crafted packet or packet
trace file, to cause a denial of service condition. This
issue only affects version 2.2.x. (CVE-2017-9347)
- An out-of-bounds read error exists in the
OALMarshal_UncompressValue() function within file
epan/dissectors/packet-dof.c when handling Distributed
Object Framework (DOF) packets. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. This issue only affects version
2.2.x. (CVE-2017-9348)
- An infinite loop condition exists in the
dissect_dcm_pdu_data() function within file
epan/dissectors/packet-dcm.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9349)
- A memory allocation issue exists in the
dissect_opensafety_ssdo_message() function within file
epan/dissectors/packet-opensafety.c due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted packet or packet trace file, to cause a denial
of service condition. (CVE-2017-9350)
- An out-of-bounds read error exists in the bootp_option()
function within file epan/dissectors/packet-bootp.c when
handling vendor class identifier strings in bootp
packets due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this, via a specially crafted packet or packet trace
file, to cause a denial of service condition.
(CVE-2017-9351)
- An infinite loop condition exists in the
get_bzr_pdu_len() function within file
epan/dissectors/packet-bzr.c when handling packets or
packet trace files. An unauthenticated, remote attacker
can exploit this, via a specially crafted packet or
packet trace file, to consume excessive CPU resources,
resulting in a denial of service condition.
(CVE-2017-9352)
- A NULL pointer dereference flaw exists in the
dissect_routing6_rpl() function within file
epan/dissectors/packet-ipv6.c due to improper validation
of user-supplied input. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet or packet trace file, to cause a denial of
service condition. This issue only affects version
2.2.x. (CVE-2017-9353)
- A NULL pointer dereference flaw exists in the
dissect_rgmp() function within file
epan/dissectors/packet-rgmp.c due to improper validation
of user-supplied input. An unauthenticated, remote
attacker can exploit this, via a specially crafted
packet or packet trace file, to cause a denial of
service condition. (CVE-2017-9354)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number. | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 100670 | published | 2017-06-07 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=100670 | title | Wireshark 2.0.x < 2.0.13 / 2.2.x < 2.2.7 Multiple DoS (macOS) |
|