Kaspersky ID: KLA10730
Detection date: 04/01/2016
Updated: 22/01/2024

Description

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

  1. Improper data validation and lack of restrictions can be exploited remotely via a specially designed packet or file;
  2. Improper memory access can be exploited remotely via a specially designed packet or file;
  3. Improper function usage can be exploited remotely via a specially designed packet;
  4. Improper feature maintenance can be exploited remotely via a specially designed packet.

Technical details

Vulnerabilities (1) are related to the multiple causes listed below:

The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector does not validate column size.

The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector does not validate the number of columns.

The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector does not validate the list count in an SZL response.

The mp2t_open function in wiretap/mp2t.c in the MP2T file parser does not validate the bit rate.

The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector mishandles the packet type.

The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser does not validate the relationships between record lengths and record header lengths.

The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector does not validate the Total Profile Number field.

The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector does not reject unknown TLV types.

epan/dissectors/packet-nbap.c in the NBAP dissector does not validate the number of items.

The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser does not ensure the presence of a ‘’ character at the end of a date string.

wiretap/vwr.c in the VeriWave file parser does not validate certain signature and Modulation and Coding Scheme (MCS) data.

The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector does not validate the IPv6 prefix length.

The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector does not verify the WPA broadcast key length.

The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector does not validate the relationship between the total length and the capture length.

epan/dissectors/packet-sctp.c in the SCTP dissector does not validate the frame pointer.

The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector improperly checks an sscanf return value.

The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector does not prevent use of a negative media count.

The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector does not ensure that a conversation exists.

epan/dissectors/packet-alljoyn.c in the AllJoyn dissector does not check for empty arguments.
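
Many of the items above share one pattern: a length or count taken from the packet is used before it is checked against the data actually present and the size of the destination. The following C example, added here and not taken from Wireshark's source, shows the checks for the DIAMETER case (IPv6 prefix length); the function `parse_framed_ipv6_prefix`, its types, the sample bytes and the payload layout (one reserved byte, one prefix-length byte, at most 16 prefix bytes, as in RFC 3162) are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum prefix_status { PREFIX_OK, PREFIX_TRUNCATED, PREFIX_BAD_LENGTH, PREFIX_SHORT_DATA };

struct ipv6_prefix {
    uint8_t bits;      /* prefix length in bits, 0..128 */
    uint8_t addr[16];  /* prefix bytes, zero-padded to 128 bits */
};

/* Hypothetical parser for a Framed-IPv6-Prefix payload (assumed layout:
 * reserved byte, prefix-length byte, then at most 16 prefix bytes). */
enum prefix_status parse_framed_ipv6_prefix(const uint8_t *buf, size_t len,
                                            struct ipv6_prefix *out)
{
    if (buf == NULL || out == NULL || len < 2)
        return PREFIX_TRUNCATED;            /* header bytes missing */
    uint8_t bits = buf[1];
    size_t have = len - 2;                  /* prefix bytes actually present */
    if (bits > 128 || have > sizeof out->addr)
        return PREFIX_BAD_LENGTH;           /* would not fit a 16-byte address */
    size_t need = (bits + 7u) / 8u;         /* bytes the declared length requires */
    if (have < need)
        return PREFIX_SHORT_DATA;           /* declared length exceeds the data */

    memset(out, 0, sizeof *out);
    out->bits = bits;
    memcpy(out->addr, buf + 2, need);       /* need <= 16 and need <= have */
    if (bits % 8)                           /* clear bits past the prefix */
        out->addr[need - 1] &= (uint8_t)(0xFFu << (8 - bits % 8));
    return PREFIX_OK;
}

/* Constructed sample payloads (not taken from any capture). */
const uint8_t sample_ok[]    = {0x00, 64, 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0};
const uint8_t sample_huge[]  = {0x00, 200, 0x20, 0x01};
const uint8_t sample_short[] = {0x00, 64, 0x20, 0x01};

int main(void)
{
    struct ipv6_prefix p;
    printf("ok=%d huge=%d short=%d\n",
           parse_framed_ipv6_prefix(sample_ok, sizeof sample_ok, &p),
           parse_framed_ipv6_prefix(sample_huge, sizeof sample_huge, &p),
           parse_framed_ipv6_prefix(sample_short, sizeof sample_short, &p));
    return 0;
}
```
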

Vulnerabilities (2) are related to the multiple causes listed below:

The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector does not initialize a packet-header data structure.

The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector improperly attempts to access a packet scope.

The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser does not reserve memory for a trailer.

The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector uses an incorrect integer data type.

A buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c can be triggered via a packet with zlib compression.

A double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector can be triggered when the "Match MSG/RES packets for async NLM" option is enabled.

The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector does not initialize a certain IPv4 data structure.

epan/dissectors/packet-umts_fp.c in the UMTS FP dissector does not properly reserve memory for channel ID mappings.

Vulnerabilities (3) are related to the multiple causes listed below:

The Mobile Identity parser in epan/dissectors/packet-ansi_a.c in the ANSI A dissector and epan/dissectors/packet-gsm_a_common.c in the GSM A dissector improperly uses the tvb_bcd_dig_to_wmem_packet_str function.

The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector mishandles the EDNS0 Client Subnet option.

Vulnerability (4) is related to the dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector, which does not properly maintain request-key data.

Primary source of detection

Related products

CVE list

  • CVE-2015-8727 (warning)
  • CVE-2015-8719 (warning)
  • CVE-2015-8720 (warning)
  • CVE-2015-8717 (warning)
  • CVE-2015-8718 (warning)
  • CVE-2015-8723 (warning)
  • CVE-2015-8724 (warning)
  • CVE-2015-8721 (warning)
  • CVE-2015-8722 (warning)
  • CVE-2015-8715 (warning)
  • CVE-2015-8716 (warning)
  • CVE-2015-8735 (warning)
  • CVE-2015-8736 (warning)
  • CVE-2015-8737 (warning)
  • CVE-2015-8738 (warning)
  • CVE-2015-8739 (warning)
  • CVE-2015-8740 (warning)
  • CVE-2015-8741 (warning)
  • CVE-2015-8742 (warning)
  • CVE-2015-8726 (warning)
  • CVE-2015-8725 (warning)
  • CVE-2015-8730 (warning)
  • CVE-2015-8729 (warning)
  • CVE-2015-8728 (warning)
  • CVE-2015-8713 (warning)
  • CVE-2015-8734 (warning)
  • CVE-2015-8733 (warning)
  • CVE-2015-8732 (warning)
  • CVE-2015-8731 (warning)
  • CVE-2015-8714 (warning)
