Liuyinsheng

#11248of 53,633
24.4Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2018-18937
7.5
2018-02-28
Wireshark · Wireshark · CVE-2018-9259
**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.2.0 through 2.2.13 Wireshark versions 2.4.0 through 2.4.5 **Description** The issue concerns a crash in the MP4 dissector. This was resolved by restricting the box recursion depth in the file-mp4.c dissector. **Recommendations** For Wireshark versions 2.2.0 through 2.2.13, update to a version that includes the fix in epan/dissectors/file-mp4.c. For Wireshark versions 2.4.0 through 2.4.5, update to a version that includes the fix in epan/dissectors/file-mp4.c.
PT-2017-19075
5.5
2017-06-14
Wireshark · Wireshark · CVE-2017-9616
**Name of the Vulnerable Software and Affected Versions** Wireshark version 2.2.7 **Description** The issue is related to overly deep mp4 chunks that may cause stack exhaustion due to uncontrolled recursion in the `dissect mp4 box` function. **Recommendations** For Wireshark version 2.2.7, consider updating to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2017-19076
5.5
2017-06-14
Wireshark · Wireshark · CVE-2017-9617
**Name of the Vulnerable Software and Affected Versions** Wireshark version 2.2.7 **Description** The issue is related to deeply nested DAAP data, which may cause stack exhaustion due to uncontrolled recursion in the `dissect daap one tag` function in the DAAP dissector. **Recommendations** For Wireshark version 2.2.7, consider updating to a newer version to mitigate the risk of stack exhaustion due to uncontrolled recursion in the DAAP dissector. As a temporary workaround, consider restricting the use of the DAAP dissector until a patch is available.
PT-2016-5805
5.9
2016-04-25
Wireshark · Wireshark · CVE-2016-4006
**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.10 Wireshark versions 2.0.x through 2.0.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in stack memory consumption and application crash, via a crafted packet. This is due to the lack of limitation on the protocol-tree depth in the epan/proto.c file. **Recommendations** For Wireshark versions 1.12.x through 1.12.10, update to version 1.12.11 or later. For Wireshark versions 2.0.x through 2.0.2, update to version 2.0.3 or later.