Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Wireshark
Опубликовано:9 апреля 2015 г.
Источник:
SecurityVulns ID:14369
Тип:удаленная
Уровень опасности:
5/10
Описание:DoS при разборе WCP, pcapng и TNEF.
Затронутые продукты:WIRESHARK : Wireshark 1.12
CVE:CVE-2015-2191 (Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.)
 CVE-2015-2189 (Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.)
 CVE-2015-2188 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3210-1] wireshark security update (09.04.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород