CVE-2012-4298 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4298):
Integer signedness error in the vwr_read_rec_data_ethernet function in
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before
1.8.2 allows user-assisted remote attackers to execute arbitrary code via a
crafted packet-trace file that triggers a buffer overflow.
CVE-2012-4297 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4297):
Buffer overflow in the dissect_gsm_rlcmac_downlink function in
epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in
Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers
to execute arbitrary code via a malformed packet.
CVE-2012-4296 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4296):
Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in
Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2
allows remote attackers to cause a denial of service (CPU consumption) via a
malformed packet.
CVE-2012-4295 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4295):
Array index error in the channelised_fill_sdh_g707_format function in
epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before
1.8.2 might allow remote attackers to cause a denial of service (application
crash) via a crafted speed (aka rate) value.
CVE-2012-4294 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4294):
Buffer overflow in the channelised_fill_sdh_g707_format function in
epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before
1.8.2 allows remote attackers to execute arbitrary code via a large speed
(aka rate) value.
CVE-2012-4293 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4293):
plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in
Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2
does not properly handle certain integer fields, which allows remote
attackers to cause a denial of service (application exit) via a malformed
packet.
CVE-2012-4292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4292):
The dissect_stun_message function in epan/dissectors/packet-stun.c in the
STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
1.8.x before 1.8.2 does not properly interact with key-destruction behavior
in a certain tree library, which allows remote attackers to cause a denial
of service (application crash) via a malformed packet.
CVE-2012-4291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4291):
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
1.8.x before 1.8.2 allows remote attackers to cause a denial of service
(memory consumption) via a malformed packet.
CVE-2012-4290 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4290):
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10,
and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service
(loop and CPU consumption) via a malformed packet.
CVE-2012-4289 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4289):
epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before
1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers
to cause a denial of service (loop and CPU consumption) via a large number
of ACL entries.
CVE-2012-4288 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4288):
Integer overflow in the dissect_xtp_ecntl function in
epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before
1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers
to cause a denial of service (loop or application crash) via a large value
for a span length.
CVE-2012-4287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4287):
epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x
before 1.8.2 allows remote attackers to cause a denial of service (loop and
CPU consumption) via a small value for a BSON document length.
CVE-2012-4286 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4286):
The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng
file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote
attackers to cause a denial of service (divide-by-zero error and application
crash) via a crafted pcap-ng file.
CVE-2012-4285 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4285):
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP
ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and
1.8.x before 1.8.2 allows remote attackers to cause a denial of service
(divide-by-zero error and application crash) via a zero-length message.