wireshark -- multiple vulnerabilities

2016-06-0700:00:00

vuxml.freebsd.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.01 Low

EPSS

Percentile

83.4%

JSON

Wireshark development team reports:

The following vulnerabilities have been fixed:

wnpa-sec-2016-29
The SPOOLS dissector could go into an infinite loop. Discovered
by the CESG.
wnpa-sec-2016-30
The IEEE 802.11 dissector could crash. (Bug 11585)
wnpa-sec-2016-31
The IEEE 802.11 dissector could crash. Discovered by Mateusz
Jurczyk. (Bug 12175)
wnpa-sec-2016-32
The UMTS FP dissector could crash. (Bug 12191)
wnpa-sec-2016-33
Some USB dissectors could crash. Discovered by Mateusz
Jurczyk. (Bug 12356)
wnpa-sec-2016-34
The Toshiba file parser could crash. Discovered by iDefense
Labs. (Bug 12394)
wnpa-sec-2016-35
The CoSine file parser could crash. Discovered by iDefense
Labs. (Bug 12395)
wnpa-sec-2016-36
The NetScreen file parser could crash. Discovered by iDefense
Labs. (Bug 12396)
wnpa-sec-2016-37
The Ethernet dissector could crash. (Bug 12440)

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchwireshark< 2.0.4UNKNOWN
FreeBSDanynoarchwireshark-lite< 2.0.4UNKNOWN
FreeBSDanynoarchwireshark-qt5< 2.0.4UNKNOWN
FreeBSDanynoarchtshark< 2.0.4UNKNOWN
FreeBSDanynoarchtshark-lite< 2.0.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	wireshark	< 2.0.4	UNKNOWN
FreeBSD	any	noarch	wireshark-lite	< 2.0.4	UNKNOWN
FreeBSD	any	noarch	wireshark-qt5	< 2.0.4	UNKNOWN
FreeBSD	any	noarch	tshark	< 2.0.4	UNKNOWN
FreeBSD	any	noarch	tshark-lite	< 2.0.4	UNKNOWN