The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Wireshark

vulnerability announce CVE-2017-13764 CVE-2017-13765 CVE-2017-13766

Wireshark: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, WindRiver Linux, Wireshark.
Severity: 2/4.
Creation date: 31/08/2017.
Identifiers: bulletinoct2017, CERTFR-2017-AVI-278, CVE-2017-13764, CVE-2017-13765, CVE-2017-13766, CVE-2017-13767, DSA-4060-1, FEDORA-2017-9fd430dba0, openSUSE-SU-2017:2349-1, VIGILANCE-VUL-23642, wnpa-sec-2017-38, wnpa-sec-2017-39, wnpa-sec-2017-40, wnpa-sec-2017-41.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can generate an infinite loop via MSDP, in order to trigger a denial of service. [severity:1/4; CVE-2017-13767, wnpa-sec-2017-38]

An attacker can generate a buffer overflow via Profinet I/O, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-13766, wnpa-sec-2017-39]

An attacker can trigger a fatal error via Modbus, in order to trigger a denial of service. [severity:1/4; CVE-2017-13764, wnpa-sec-2017-40]

An attacker can generate a buffer overflow via IrCOMM, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-13765, wnpa-sec-2017-41]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2017-11406 CVE-2017-11407 CVE-2017-11408

Wireshark: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Wireshark.
Severity: 2/4.
Creation date: 19/07/2017.
Identifiers: bulletinjul2017, CVE-2017-11406, CVE-2017-11407, CVE-2017-11408, CVE-2017-11409, CVE-2017-11410, CVE-2017-11411, DLA-1226-1, DSA-4060-1, FEDORA-2017-f1f3dafb50, openSUSE-SU-2017:1958-1, VIGILANCE-VUL-23295, wnpa-sec-2017-13, wnpa-sec-2017-28, wnpa-sec-2017-34, wnpa-sec-2017-35, wnpa-sec-2017-36, wnpa-sec-2017-37.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send malicious AMQP packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-11408, wnpa-sec-2017-34]

An attacker can send malicious MQ packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-11407, wnpa-sec-2017-35]

An attacker can generate an infinite loop via DOCSIS, in order to trigger a denial of service. [severity:1/4; CVE-2017-11406, wnpa-sec-2017-36]

An attacker can generate an infinite loop via GPRS LLC, in order to trigger a denial of service. [severity:1/4; CVE-2017-11409, wnpa-sec-2017-37]

An attacker can generate an infinite loop via WBXML, in order to trigger a denial of service. [severity:1/4; CVE-2017-11410, wnpa-sec-2017-13]

An attacker can trigger a fatal error via openSAFETY, in order to trigger a denial of service. [severity:1/4; CVE-2017-11411, wnpa-sec-2017-28]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2017-9616 CVE-2017-9617

Wireshark: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Fedora, Wireshark.
Severity: 2/4.
Creation date: 15/06/2017.
Identifiers: 13777, 13799, CVE-2017-9616, CVE-2017-9617, FEDORA-2018-cdf3f8e8b0, VIGILANCE-VUL-22982.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can trigger a stack exhaustion by large nesting of DAAP structures. [severity:2/4; 13799, CVE-2017-9617]

An attacker can trigger a stack exhaustion by large nesting of DAAP structures. [severity:2/4; 13777, CVE-2017-9616]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2017-9343 CVE-2017-9344 CVE-2017-9345

Wireshark: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Fedora, openSUSE Leap, Solaris, Wireshark.
Severity: 2/4.
Creation date: 02/06/2017.
Identifiers: bulletinjul2017, CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354, FEDORA-2017-5f15bf15cf, FEDORA-2017-f0509fbf37, openSUSE-SU-2017:1534-1, openSUSE-SU-2017:1958-1, VIGILANCE-VUL-22886, wnpa-sec-2017-22, wnpa-sec-2017-23, wnpa-sec-2017-24, wnpa-sec-2017-25, wnpa-sec-2017-26, wnpa-sec-2017-27, wnpa-sec-2017-28, wnpa-sec-2017-29, wnpa-sec-2017-30, wnpa-sec-2017-31, wnpa-sec-2017-32, wnpa-sec-2017-33.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can generate an infinite loop via Bazaar, in order to trigger a denial of service. [severity:2/4; CVE-2017-9352, wnpa-sec-2017-22]

An attacker can force a read at an invalid address via DOF, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-9348, wnpa-sec-2017-23]

An attacker can force a read at an invalid address via DHCP, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2017-9351, wnpa-sec-2017-24]

An attacker can generate an infinite loop via SoulSeek, in order to trigger a denial of service. [severity:2/4; CVE-2017-9346, wnpa-sec-2017-25]

An attacker can generate an infinite loop via DNS, in order to trigger a denial of service. [severity:2/4; CVE-2017-9345, wnpa-sec-2017-26]

An attacker can generate an infinite loop via DICOM, in order to trigger a denial of service. [severity:2/4; CVE-2017-9349, wnpa-sec-2017-27]

An attacker can create a memory leak via openSAFETY, in order to trigger a denial of service. [severity:2/4; CVE-2017-9350, wnpa-sec-2017-28]

An attacker can trigger a fatal error via BT L2CAP, in order to trigger a denial of service. [severity:2/4; CVE-2017-9344, wnpa-sec-2017-29]

An attacker can send malicious MSNIP packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-9343, wnpa-sec-2017-30]

An attacker can send malicious ROS packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-9347, wnpa-sec-2017-31]

An attacker can send malicious RGMP packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-9354, wnpa-sec-2017-32]

An attacker can send malicious IPv6 packets, in order to trigger a denial of service. [severity:1/4; CVE-2017-9353, wnpa-sec-2017-33]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2017-7700 CVE-2017-7701 CVE-2017-7702

Wireshark: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: openSUSE Leap, Wireshark.
Severity: 2/4.
Creation date: 13/04/2017.
Identifiers: CERTFR-2017-AVI-114, CVE-2017-7700, CVE-2017-7701, CVE-2017-7702, CVE-2017-7703, CVE-2017-7704, CVE-2017-7705, CVE-2017-7745, CVE-2017-7746, CVE-2017-7747, CVE-2017-7748, openSUSE-SU-2017:1087-1, openSUSE-SU-2017:1958-1, VIGILANCE-VUL-22444, wnpa-sec-2017-12, wnpa-sec-2017-13, wnpa-sec-2017-14, wnpa-sec-2017-15, wnpa-sec-2017-16, wnpa-sec-2017-17, wnpa-sec-2017-18, wnpa-sec-2017-19, wnpa-sec-2017-20, wnpa-sec-2017-21.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send malicious IMAP packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-7703, wnpa-sec-2017-12]

An attacker can send malicious WBXML packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-7702, wnpa-sec-2017-13]

An attacker can send malicious NetScaler files, in order to trigger a denial of service. [severity:2/4; CVE-2017-7700, wnpa-sec-2017-14]

An attacker can send malicious RPC over RDMA packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-7705, wnpa-sec-2017-15]

An attacker can send malicious BGP packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-7701, wnpa-sec-2017-16]

An attacker can send malicious DOF packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-7704, wnpa-sec-2017-17]

An attacker can send malicious PacketBB packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-7747, wnpa-sec-2017-18]

An attacker can send malicious SLSK packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-7746, wnpa-sec-2017-19]

An attacker can send malicious SIGCOMP packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-7745, wnpa-sec-2017-20]

An attacker can send malicious WSP packets, in order to trigger a denial of service. [severity:2/4; CVE-2017-7748, wnpa-sec-2017-21]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2017-6467 CVE-2017-6468 CVE-2017-6469

Wireshark: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Wireshark.
Severity: 1/4.
Creation date: 06/03/2017.
Identifiers: bulletinapr2017, CERTFR-2017-AVI-065, CVE-2017-6467, CVE-2017-6468, CVE-2017-6469, CVE-2017-6470, CVE-2017-6471, CVE-2017-6472, CVE-2017-6473, CVE-2017-6474, DLA-858-1, DSA-3811-1, FEDORA-2017-6c91c98b33, openSUSE-SU-2017:0664-1, VIGILANCE-VUL-22019, wnpa-sec-2017-03, wnpa-sec-2017-04, wnpa-sec-2017-05, wnpa-sec-2017-06, wnpa-sec-2017-07, wnpa-sec-2017-08, wnpa-sec-2017-09, wnpa-sec-2017-10, wnpa-sec-2017-11.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send malicious LDSS packets, in order to trigger a denial of service. [severity:1/4; CVE-2017-6469, wnpa-sec-2017-03]

An attacker can generate an infinite loop via RTMPT, in order to trigger a denial of service. [severity:1/4; CVE-2017-6472, wnpa-sec-2017-04]

An attacker can generate an infinite loop via WSP, in order to trigger a denial of service. [severity:1/4; CVE-2017-6471, wnpa-sec-2017-05]

An attacker can generate an infinite loop via STANAG 4607, in order to trigger a denial of service. [severity:1/4; wnpa-sec-2017-06]

An attacker can generate an infinite loop via NetScaler, in order to trigger a denial of service. [severity:1/4; CVE-2017-6467, wnpa-sec-2017-07]

An attacker can trigger a fatal error via NetScaler, in order to trigger a denial of service. [severity:1/4; CVE-2017-6468, wnpa-sec-2017-08]

An attacker can trigger a fatal error via K12, in order to trigger a denial of service. [severity:1/4; CVE-2017-6473, wnpa-sec-2017-09]

An attacker can generate an infinite loop via IAX2, in order to trigger a denial of service. [severity:1/4; CVE-2017-6470, wnpa-sec-2017-10]

An attacker can generate an infinite loop via Netscaler, in order to trigger a denial of service. [severity:1/4; CVE-2017-6474, wnpa-sec-2017-11]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2017-5596 CVE-2017-5597

Wireshark: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE Leap, Wireshark.
Severity: 2/4.
Creation date: 24/01/2017.
Identifiers: CERTFR-2017-AVI-027, CVE-2017-5596, CVE-2017-5597, DLA-858-1, DSA-3811-1, FEDORA-2017-541aea2890, openSUSE-SU-2017:0364-1, VIGILANCE-VUL-21659, wnpa-sec-2017-01, wnpa-sec-2017-02.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can generate an infinite loop via ASTERIX, in order to trigger a denial of service. [severity:2/4; CVE-2017-5596, wnpa-sec-2017-01]

An attacker can generate an infinite loop via DHCPv6, in order to trigger a denial of service. [severity:2/4; CVE-2017-5597, wnpa-sec-2017-02]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability 21390

Wireshark sur Windows: arbitrary file removal

Synthesis of the vulnerability

An attacker can configure WinSparkle in Wireshark for Windows, in order to delete arbitrary folders.
Impacted products: Wireshark.
Severity: 2/4.
Creation date: 15/12/2016.
Identifiers: 13217, VIGILANCE-VUL-21390.

Description of the vulnerability

Wireshark for Windows includes WinSparkle.

WinSparkle delete the folder named in te the registry value HKCU\Software\Wireshark\WinSparkle Settings\UpdateTempDir. However, the user defining this value may not be allowed to remove this folder. If Wireshark is run with extended privileges, it will delete normally protected files.

An attacker can therefore configure WinSparkle in Wireshark for Windows, in order to delete arbitrary folders.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2016-9372 CVE-2016-9373 CVE-2016-9374

Wireshark: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, openSUSE Leap, Solaris, Wireshark.
Severity: 2/4.
Creation date: 17/11/2016.
Identifiers: bulletinjan2017, CERTFR-2016-AVI-381, CVE-2016-9372, CVE-2016-9373, CVE-2016-9374, CVE-2016-9375, CVE-2016-9376, DLA-714-1, DSA-3719-1, openSUSE-SU-2016:2923-1, VIGILANCE-VUL-21143, wnpa-sec-2016-58, wnpa-sec-2016-59, wnpa-sec-2016-60, wnpa-sec-2016-61, wnpa-sec-2016-62.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can generate an infinite loop via Profinet I/O, in order to trigger a denial of service. [severity:1/4; CVE-2016-9372, wnpa-sec-2016-58]

An attacker can send malicious AllJoyn packets, in order to trigger a denial of service. [severity:2/4; CVE-2016-9374, wnpa-sec-2016-59]

An attacker can send malicious OpenFlow packets, in order to trigger a denial of service. [severity:2/4; CVE-2016-9376, wnpa-sec-2016-60]

An attacker can send malicious DCERPC packets, in order to trigger a denial of service. [severity:2/4; CVE-2016-9373, wnpa-sec-2016-61]

An attacker can generate an infinite loop via DTN, in order to trigger a denial of service. [severity:1/4; CVE-2016-9375, wnpa-sec-2016-62]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2016-7957 CVE-2016-7958

Wireshark: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Solaris, Wireshark.
Severity: 2/4.
Creation date: 05/10/2016.
Identifiers: bulletinjul2018, CERTFR-2016-AVI-327, CVE-2016-7957, CVE-2016-7958, VIGILANCE-VUL-20773, wnpa-sec-2016-56, wnpa-sec-2016-57.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send a malicious L2CAP packet, in order to trigger a denial of service. [severity:2/4; CVE-2016-7957, wnpa-sec-2016-56]

An attacker can send a malicious NCP packet, in order to trigger a denial of service. [severity:2/4; CVE-2016-7958, wnpa-sec-2016-57]
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Wireshark: