SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Generic)  >   Wireshark Vendors:   Wireshark.org
Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1034551
SecurityTracker URL:  http://securitytracker.com/id/1034551
CVE Reference:   CVE-2015-8711, CVE-2015-8712, CVE-2015-8713, CVE-2015-8714, CVE-2015-8715, CVE-2015-8716, CVE-2015-8717, CVE-2015-8718, CVE-2015-8719, CVE-2015-8720, CVE-2015-8721, CVE-2015-8722, CVE-2015-8723, CVE-2015-8724, CVE-2015-8725, CVE-2015-8726, CVE-2015-8727, CVE-2015-8728, CVE-2015-8729, CVE-2015-8730, CVE-2015-8731, CVE-2015-8732, CVE-2015-8733, CVE-2015-8734, CVE-2015-8735, CVE-2015-8736, CVE-2015-8737, CVE-2015-8738, CVE-2015-8739, CVE-2015-8740, CVE-2015-8741, CVE-2015-8742   (Links to External Site)
Updated:  Jan 5 2016
Original Entry Date:  Dec 31 2015
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.12.0 to 1.12.8, 2.0.0
Description:   Multiple vulnerabilities were reported in Wireshark. A remote user can cause the target dissector to crash or enter an infinite loop.

A remote user can send specially crafted data to cause the target dissector or parser to crash.

The MS-WSP dissector is affected [CVE-2015-8742]. Version 2.0.0 is affected.

The PPI dissector is affected [CVE-2015-8741]. Version 2.0.0 is affected.

The TDS dissector is affected [CVE-2015-8740]. Version 2.0.0 is affected.

The IPMI dissector is affected [CVE-2015-8739]. Version 2.0.0 is affected.

The S7COMM dissector is affected [CVE-2015-8738]. Version 2.0.0 is affected.

The MP2T file parser is affected [CVE-2015-8736, CVE-2015-8737]. Version 2.0.0 is affected.

The BT ATT dissector is affected [CVE-2015-8735]. Version 2.0.0 is affected.

The NWP dissector is affected [CVE-2015-8734]. Version 2.0.0 is affected.

The Sniffer file parser is affected [CVE-2015-8733].

The ZigBee ZCL dissector is affected [CVE-2015-8732].

The RSL dissector is affected [CVE-2015-8731].

The NBAP dissector is affected [CVE-2015-8730].

The Ascend file parser is affected [CVE-2015-8729].

The ANSI A & GSM A dissectors are affected [CVE-2015-8728].

The RSVP dissector is affected [CVE-2015-8727].

The VeriWave file parser is affected [CVE-2015-8726].

The DIAMETER dissector is affected [CVE-2015-8725].

The 802.11 decryption is affected [CVE-2015-8723, CVE-2015-8724].

The SCTP dissector is affected [CVE-2015-8722].

The Zlib decompression is affected [CVE-2015-8721].

The BER dissector is affected [CVE-2015-8720].

The DNS dissector is affected [CVE-2015-8719]. Versions 1.12.x are affected.

The NLM dissector is affected [CVE-2015-8718].

The SDP dissector is affected [CVE-2015-8717]. Versions 1.12.x are affected.

The T.38 dissector is affected [CVE-2015-8716]. Versions 1.12.x are affected.

The DCOM dissector is affected [CVE-2015-8714]. Versions 1.12.x are affected.

The UMTS FP dissector is affected [CVE-2015-8712, CVE-2015-8713]. Versions 1.12.x are affected.

The NBAP dissector is affected [CVE-2015-8711].

A remote user can send specially crafted data to cause the target AllJoyn dissector to enter an infinite loop [CVE-2015-8715]. Versions 1.12.x are affected.

Karol Roslaniec, Boaz Brickner, and Mateusz Jurczyk reported some of these vulnerabilities.

Impact:   A remote user can cause the target dissector or parser to crash or enter an infinite loop.
Solution:   The vendor has issued a fix (1.12.9, 2.0.1).

The vendor's advisories are available at:

https://www.wireshark.org/security/wnpa-sec-2015-31.html
https://www.wireshark.org/security/wnpa-sec-2015-32.html
https://www.wireshark.org/security/wnpa-sec-2015-33.html
https://www.wireshark.org/security/wnpa-sec-2015-34.html
https://www.wireshark.org/security/wnpa-sec-2015-35.html
https://www.wireshark.org/security/wnpa-sec-2015-36.html
https://www.wireshark.org/security/wnpa-sec-2015-37.html
https://www.wireshark.org/security/wnpa-sec-2015-38.html
https://www.wireshark.org/security/wnpa-sec-2015-39.html
https://www.wireshark.org/security/wnpa-sec-2015-40.html
https://www.wireshark.org/security/wnpa-sec-2015-41.html
https://www.wireshark.org/security/wnpa-sec-2015-42.html
https://www.wireshark.org/security/wnpa-sec-2015-43.html
https://www.wireshark.org/security/wnpa-sec-2015-44.html
https://www.wireshark.org/security/wnpa-sec-2015-45.html
https://www.wireshark.org/security/wnpa-sec-2015-46.html
https://www.wireshark.org/security/wnpa-sec-2015-47.html
https://www.wireshark.org/security/wnpa-sec-2015-48.html
https://www.wireshark.org/security/wnpa-sec-2015-49.html
https://www.wireshark.org/security/wnpa-sec-2015-50.html
https://www.wireshark.org/security/wnpa-sec-2015-51.html
https://www.wireshark.org/security/wnpa-sec-2015-52.html
https://www.wireshark.org/security/wnpa-sec-2015-53.html
https://www.wireshark.org/security/wnpa-sec-2015-54.html
https://www.wireshark.org/security/wnpa-sec-2015-55.html
https://www.wireshark.org/security/wnpa-sec-2015-56.html
https://www.wireshark.org/security/wnpa-sec-2015-57.html
https://www.wireshark.org/security/wnpa-sec-2015-58.html
https://www.wireshark.org/security/wnpa-sec-2015-59.html
https://www.wireshark.org/security/wnpa-sec-2015-60.html

Vendor URL:  www.wireshark.org/security/wnpa-sec-2015-31.html (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC