Security News

CVE-2018-7330

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.
Categories: Security News

CVE-2018-7331

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.
Categories: Security News

CVE-2018-7332

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.
Categories: Security News

CVE-2018-7333

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.
Categories: Security News

CVE-2018-7334

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.
Categories: Security News

CVE-2018-7335

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.
Categories: Security News

CVE-2018-7336

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.
Categories: Security News

CVE-2018-7337

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
Categories: Security News

CVE-2018-7417

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
Categories: Security News

CVE-2018-7418

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
Categories: Security News

CVE-2018-7419

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
Categories: Security News

CVE-2018-7420

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
Categories: Security News

CVE-2018-7421

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.
Categories: Security News

CVE-2018-7443

National Vulnerability Database - Fri, 02/23/2018 - 17:29
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
Categories: Security News

CVE-2017-16769

National Vulnerability Database - Fri, 02/23/2018 - 17:29
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.
Categories: Security News

CVE-2018-7320

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.
Categories: Security News

CVE-2018-7321

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.
Categories: Security News

CVE-2018-7322

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.
Categories: Security News

CVE-2018-7323

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.
Categories: Security News

CVE-2018-7324

National Vulnerability Database - Fri, 02/23/2018 - 17:29
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.
Categories: Security News

Pages