 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.807446 |
| Categoría: | Denial of Service |
| Título: | Wireshark Multiple Denial-of-Service Vulnerabilities (Mar 2016) - Windows |
| Resumen: | Wireshark is prone to multiple denial of service vulnerabilities. |
| Descripción: | Summary: Wireshark is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - The 'dissect_nhdr_extopt' function in 'epan/dissectors/packet-lbmc.c' script in the LBMC dissector does not validate length values. - The 'wiretap/nettrace_3gpp_32_423.c' script in the 3GPP TS 32.423 Trace file parser does not ensure that a '\0' character is present at the end of certain strings. - The 'epan/dissectors/packet-hiqnet.c' script in the HiQnet dissector does not validate the data type. - The 'epan/dissectors/packet-x509af.c' script in the X.509AF dissector mishandles the algorithm ID. - The 'epan/dissectors/packet-http2.c' script in the HTTP/2 dissector does not limit the amount of header data. - The 'dissect_ber_constrained_bitstring' function in 'epan/dissectors/packet-ber.c' script in the ASN.1 BER dissector does not verify that a certain length is nonzero. - A heap-based buffer overflow error in 'wiretap/vwr.c' script in the Ixia IxVeriWave file parser. - An error in NFS dissector. - 'epan/dissectors/packet-spice.c' script in the SPICE dissector in mishandles capability data. - 'epan/dissectors/packet-ieee80211.c' script in the IEEE 802.11 dissector mishandles the Grouping subfield. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct denial of service attack. Affected Software/OS: Wireshark version 2.0.x before 2.0.2 on Windows Solution: Upgrade to Wireshark version 2.0.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-2528 https://security.gentoo.org/glsa/201604-05 http://www.securitytracker.com/id/1035118 Common Vulnerability Exposure (CVE) ID: CVE-2016-2527 Common Vulnerability Exposure (CVE) ID: CVE-2016-2526 Common Vulnerability Exposure (CVE) ID: CVE-2016-2524 Common Vulnerability Exposure (CVE) ID: CVE-2016-2525 Common Vulnerability Exposure (CVE) ID: CVE-2016-2522 Common Vulnerability Exposure (CVE) ID: CVE-2016-4415 https://code.google.com/p/google-security-research/issues/detail?id=647 Common Vulnerability Exposure (CVE) ID: CVE-2016-4416 Common Vulnerability Exposure (CVE) ID: CVE-2016-4419 Common Vulnerability Exposure (CVE) ID: CVE-2016-4420 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |