Дата обнаружения
|
04/01/2016 |
Уровень угрозы
|
Warning |
Описание
|
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities
Technical details Vulnerabilities (1) related to multiple reasons listed below: dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c at the MS-WSP dissector does not validate column size. dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c at the TDS dissector does not validate the number of columns. s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c at the S7COMM dissector does not validate the list count in an SZL response. mp2t_open function in wiretap/mp2t.c at the MP2T file parser does not validate the bit rate. dissect_nwp function in epan/dissectors/packet-nwp.c at the NWP dissector mishandles the packet type. ngsniffer_process_record function in wiretap/ngsniffer.c at the Sniffer file parser does not validate the relationships between record lengths and record header lengths. dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c at the ZigBee ZCL dissector does not validate the Total Profile Number field. dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c at the RSL dissector does not reject unknown TLV types. epan/dissectors/packet-nbap.c at the NBAP dissector does not validate the number of items. ascend_seek function in wiretap/ascendtext.c at the Ascend file parser does not ensure the presence of a ‘ |