Gerald Combs

**Nome do software vulnerável e versões afetadas** Versões do Wireshark 3.4.0 a 3.4.15 Versões do Wireshark 3.6.0 a 3.6.7 **Descrição** O problema está relacionado a um loop infinito no dissector do protocolo F5 Ethernet Trailer, o que permite um ataque de negação de serviço por meio da injeção de pacotes ou de um arquivo de captura malicioso. **Recomendações** Para as versões 3.4.0 a 3.4.15 do Wireshark, atualize para uma versão que contenha uma correção para este problema. Para as versões 3.6.0 a 3.6.7 do Wireshark, atualize para uma versão que contenha uma correção para este problema. Como solução alternativa temporária, considere desativar o dissecador de protocolo F5 Ethernet Trailer até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Versões do Wireshark 3.2.0 a 3.2.17 Versões do Wireshark 3.4.0 a 3.4.9 **Descrição** O problema é causado por um estouro de buffer no dissector C12.22, permitindo que um invasor remoto provoque uma negação de serviço por meio da injeção de pacotes ou de um arquivo de captura malicioso. **Recomendações** Para as versões do Wireshark 3.2.0 a 3.2.17, atualize para uma versão que corrija o problema de estouro de buffer no dissector C12.22. Para as versões do Wireshark 3.4.0 a 3.4.9, atualize para uma versão que corrija o problema de estouro de buffer no dissector C12.22. Como solução alternativa temporária, considere desativar o dissector C12.22 até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas: Versões do Wireshark 2.6.0 a 2.6.15 Versões do Wireshark 3.0.0 a 3.0.9 Versões do Wireshark 3.2.0 a 3.2.2 Descrição: O dissector BACapp no Wireshark pode travar devido a recursão excessiva. Esse problema foi resolvido limitando a quantidade de recursão no arquivo epan/dissectors/packet-bacapp.c. A vulnerabilidade poderia permitir que um invasor remoto executasse código arbitrário. Recomendações: Para as versões 2.6.0 a 2.6.15 do Wireshark, atualize para uma versão em que o limite de recursão no dissector BACapp tenha sido corrigido. Para as versões 3.0.0 a 3.0.9 do Wireshark, atualize para uma versão em que o limite de recursão no dissector BACapp tenha sido corrigido. Para as versões 3.2.0 a 3.2.2 do Wireshark, atualize para uma versão em que o limite de recursão no dissector BACapp tenha sido corrigido. Como solução temporária, considere desativar o dissector BACapp até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Versões 3.0.x a 3.0.7 do Wireshark **Descrição** O problema está relacionado a erros de desreferência de ponteiros, que podem ser explorados por um invasor remoto para causar uma negação de serviço. No dissector BT ATT, pode ocorrer uma falha devido a códigos de operação não validados. **Recomendações** Para as versões 3.0.x a 3.0.7 do Wireshark, atualize para a versão 3.0.8 ou posterior para resolver o problema. Como solução temporária, considere desativar o dissector BT ATT até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.11 Wireshark versions 2.x through 2.0.3 **Description** The issue is related to the Toshiba file parser in Wireshark, where the `wiretap/toshiba.c` file mishandles `sscanf` unsigned-integer processing. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted file. **Recommendations** For Wireshark versions 1.12.x through 1.12.11, update to version 1.12.12 or later. For Wireshark versions 2.x through 2.0.3, update to version 2.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.11 Wireshark versions 2.x through 2.0.3 **Description** The issue is related to the NetScreen file parser in Wireshark, where it mishandles sscanf unsigned-integer processing. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted file. **Recommendations** For Wireshark versions 1.12.x through 1.12.11, update to version 1.12.12 or later. For Wireshark versions 2.x through 2.0.3, update to version 2.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.11 Wireshark versions 2.x through 2.0.3 **Description** The issue is related to the CoSine file parser in Wireshark, where the `wiretap/cosine.c` file mishandles `sscanf` unsigned-integer processing. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted file. **Recommendations** For Wireshark versions 1.12.x through 1.12.11, update to version 1.12.12 or later. For Wireshark versions 2.x through 2.0.3, update to version 2.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.0.0 through 2.0.1 **Description** The issue is related to the HTTP/2 dissector in Wireshark, where it does not limit the amount of header data. This allows remote attackers to cause a denial of service, either by consuming excessive memory or crashing the application, via a crafted packet. **Recommendations** For Wireshark versions 2.0.0 through 2.0.1, update to version 2.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.4 **Description** The issue arises from the logcat dump text function in wiretap/logcat.c, which is part of the Android Logcat file parser in Wireshark. This function does not properly handle a lack of 0 termination, allowing remote attackers to cause a denial of service. This can be achieved by sending a crafted message in a packet, resulting in an out-of-bounds read and application crash. **Recommendations** For Wireshark versions 1.12.x through 1.12.4, update to version 1.12.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the logcat dump text function in wiretap/logcat.c until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.4 **Description** The issue is related to the detect version function in the Android Logcat file parser, which does not check the length of the payload. This allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and application crash, via a packet with a crafted payload. **Recommendations** For Wireshark versions 1.12.x through 1.12.4, update to version 1.12.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.10.x through 1.10.12 Wireshark versions 1.12.x through 1.12.3 **Description** The issue is caused by an off-by-one error in the `pcapng read` function in the pcapng file parser. This error allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and application crash, by sending a crafted packet with an invalid Interface Statistics Block (ISB) interface ID. **Recommendations** For Wireshark versions 1.10.x through 1.10.12, update to version 1.10.13 or later. For Wireshark versions 1.12.x through 1.12.3, update to version 1.12.4 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.10.x through 1.10.3 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted packet-trace file that includes a large packet. **Recommendations** For Wireshark versions 1.10.x through 1.10.3, update to version 1.10.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.4.x through 1.4.14 Wireshark versions 1.6.x through 1.6.9 Wireshark versions 1.8.x through 1.8.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in loop and CPU consumption, via a large number of ACL entries in the AFP dissector. **Recommendations** For Wireshark versions 1.4.x through 1.4.14, update to version 1.4.15 or later. For Wireshark versions 1.6.x through 1.6.9, update to version 1.6.10 or later. For Wireshark versions 1.8.x through 1.8.1, update to version 1.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.4.x through 1.4.10 Wireshark versions 1.6.x through 1.6.4 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, by sending a long packet in a capture file. This can be demonstrated using an airopeek file. **Recommendations** For Wireshark versions 1.4.x through 1.4.10, update to version 1.4.11 or later. For Wireshark versions 1.6.x through 1.6.4, update to version 1.6.5 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.0.x, 1.2.0 through 1.2.14, 1.4.0 through 1.4.3 **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, via certain LDAP filter strings. This can be achieved by using either a long LDAP filter string or an LDAP filter string containing many elements. **Recommendations** For Wireshark versions 1.0.x, consider updating to a version outside of the affected range to resolve the issue. For Wireshark versions 1.2.0 through 1.2.14, consider updating to a version outside of the affected range to resolve the issue. For Wireshark versions 1.4.0 through 1.4.3, consider updating to a version outside of the affected range to resolve the issue. As a temporary workaround, consider restricting the use of long or complex LDAP filter strings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.0.x, 1.2.0 through 1.2.14, 1.4.0 through 1.4.3 **Description** The issue allows remote attackers to cause a denial of service via a crafted packet. This can be achieved by exploiting the dissect ms compressed string and dissect mscldap string functions in Wireshark, leading to infinite recursion. The attack can be performed using a specially crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet. **Recommendations** For Wireshark versions 1.0.x, consider updating to a version outside of the affected range to resolve the issue. For Wireshark versions 1.2.0 through 1.2.14, consider updating to a version outside of the affected range to resolve the issue. For Wireshark versions 1.4.0 through 1.4.3, consider updating to a version outside of the affected range to resolve the issue. As a temporary workaround, consider restricting the use of the dissect ms compressed string and dissect mscldap string functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.4.0 through 1.4.3 **Description** The issue is caused by an off-by-one error in the dissect 6lowpan iphc function in packet-6lowpan.c, which allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. **Recommendations** For Wireshark versions 1.4.0 through 1.4.3, update to a version that contains a fix for this issue to prevent remote attackers from causing a denial of service.

**Name of the Vulnerable Software and Affected Versions** Ethereal versions 0.10.x up to 0.10.14 **Description** The issue affects multiple components, including H.248, X.509if, SRVLOC, H.245, AIM, and general packet dissectors, as well as the statistics counter. Remote attackers can cause a denial of service, leading to a crash due to a null dereference. **Recommendations** For Ethereal versions 0.10.x up to 0.10.14, consider disabling the affected dissectors, such as H.248, X.509if, SRVLOC, H.245, AIM, and general packet dissectors, until a fix is available. Additionally, restrict access to the statistics counter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ethereal versions 0.8.5 through 0.10.14 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via the telnet dissector. **Recommendations** For Ethereal versions 0.8.5 through 0.10.14, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ethereal versions 0.9.15 through 0.10.14 **Description** The issue is related to a buffer overflow that can be triggered via the COPS dissector, allowing remote attackers to cause a denial of service, potentially leading to a crash, and possibly execute arbitrary code. **Recommendations** For versions 0.9.15 through 0.10.14, update to a version that contains a fix for this issue to prevent potential exploitation.