Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-3561

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 May, 2013 | 01:00
Updated At-06 Aug, 2024 | 16:14
Rejected At-
Credits

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 May, 2013 | 01:00
Updated At:06 Aug, 2024 | 16:14
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16755
vdb-entry
signature
x_refsource_OVAL
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336
x_refsource_CONFIRM
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919
x_refsource_CONFIRM
http://secunia.com/advisories/53425
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/54425
third-party-advisory
x_refsource_SECUNIA
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448
x_refsource_CONFIRM
http://www.wireshark.org/security/wnpa-sec-2013-31.html
x_refsource_CONFIRM
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336
x_refsource_CONFIRM
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464
x_refsource_CONFIRM
http://www.wireshark.org/security/wnpa-sec-2013-29.html
x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
vendor-advisory
x_refsource_GENTOO
http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
vendor-advisory
x_refsource_SUSE
http://www.wireshark.org/security/wnpa-sec-2013-30.html
x_refsource_CONFIRM
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919
x_refsource_CONFIRM
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458
x_refsource_CONFIRM
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html
vendor-advisory
x_refsource_SUSE
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
vendor-advisory
x_refsource_SUSE
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16755
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336
Resource:
x_refsource_CONFIRM
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/53425
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/54425
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-31.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-29.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-30.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458
Resource:
x_refsource_CONFIRM
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16755
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336
x_refsource_CONFIRM
x_transferred
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/53425
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/54425
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448
x_refsource_CONFIRM
x_transferred
http://www.wireshark.org/security/wnpa-sec-2013-31.html
x_refsource_CONFIRM
x_transferred
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336
x_refsource_CONFIRM
x_transferred
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464
x_refsource_CONFIRM
x_transferred
http://www.wireshark.org/security/wnpa-sec-2013-29.html
x_refsource_CONFIRM
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.wireshark.org/security/wnpa-sec-2013-30.html
x_refsource_CONFIRM
x_transferred
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919
x_refsource_CONFIRM
x_transferred
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458
x_refsource_CONFIRM
x_transferred
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16755
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/53425
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/54425
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-31.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-29.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-30.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 May, 2013 | 03:18
Updated At:11 Apr, 2025 | 00:51

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>12.2
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>12.3
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.0
cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.1
cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.2
cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.3
cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.4
cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.5
cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.6
cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919cve@mitre.org
N/A
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894cve@mitre.org
N/A
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336cve@mitre.org
N/A
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336cve@mitre.org
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894cve@mitre.org
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919cve@mitre.org
Patch
http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.htmlcve@mitre.org
N/A
http://secunia.com/advisories/53425cve@mitre.org
N/A
http://secunia.com/advisories/54425cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xmlcve@mitre.org
N/A
http://www.wireshark.org/security/wnpa-sec-2013-29.htmlcve@mitre.org
Vendor Advisory
http://www.wireshark.org/security/wnpa-sec-2013-30.htmlcve@mitre.org
Vendor Advisory
http://www.wireshark.org/security/wnpa-sec-2013-31.htmlcve@mitre.org
Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448cve@mitre.org
N/A
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458cve@mitre.org
N/A
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16755cve@mitre.org
N/A
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919af854a3a-2127-422b-91ae-364da2661108
N/A
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894af854a3a-2127-422b-91ae-364da2661108
N/A
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336af854a3a-2127-422b-91ae-364da2661108
N/A
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336af854a3a-2127-422b-91ae-364da2661108
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894af854a3a-2127-422b-91ae-364da2661108
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919af854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/53425af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/54425af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.wireshark.org/security/wnpa-sec-2013-29.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.wireshark.org/security/wnpa-sec-2013-30.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.wireshark.org/security/wnpa-sec-2013-31.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16755af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/53425
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/54425
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-29.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-30.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-31.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16755
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/53425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/54425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-29.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-30.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2013-31.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16755
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

131Records found
CVE-2017-7748
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 54.83%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-8309
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.36% / 79.40%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.

Action-Not Available
Vendor-n/aQEMUDebian GNU/LinuxRed Hat, Inc.
Product-qemudebian_linuxopenstackn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2011-2748
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-87.79% / 99.44%
||
7 Day CHG~0.00%
Published-15 Aug, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.

Action-Not Available
Vendor-n/aCanonical Ltd.Internet Systems Consortium, Inc.Debian GNU/Linux
Product-ubuntu_linuxdhcpdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3092
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-44.75% / 97.49%
||
7 Day CHG~0.00%
Published-04 Jul, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/LinuxHP Inc.Canonical Ltd.
Product-tomcatcommons_fileuploadubuntu_linuxicewall_sso_agent_optionicewall_identity_managerdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2189
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-10.90% / 93.12%
||
7 Day CHG~0.00%
Published-10 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-linux_kernelenterprise_linuxdebian_linuxubuntu_linuxenterprise_mrgn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-2749
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-75.34% / 98.84%
||
7 Day CHG~0.00%
Published-15 Aug, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.

Action-Not Available
Vendor-n/aCanonical Ltd.Internet Systems Consortium, Inc.Debian GNU/Linux
Product-ubuntu_linuxdhcpdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7645
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.01% / 94.51%
||
7 Day CHG~0.00%
Published-18 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Linux Kernel Organization, Inc
Product-linux_kerneldebian_linuxubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8702
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-0.76% / 72.29%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

Action-Not Available
Vendor-inspircdn/aDebian GNU/Linux
Product-debian_linuxinspircdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-32920
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.70%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 15:14
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.

Action-Not Available
Vendor-prosodyn/aDebian GNU/LinuxFedora Project
Product-prosodydebian_linuxfedoran/a
CVE-2021-28706
Matching Score-8
Assigner-Xen Project
ShareView Details
Matching Score-8
Assigner-Xen Project
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.88%
||
7 Day CHG~0.00%
Published-24 Nov, 2021 | 00:00
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoraxen
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2016-5300
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 82.66%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

Action-Not Available
Vendor-libexpat_projectn/aGoogle LLCDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxubuntu_linuxlibexpatandroidn/a
CVE-2019-11810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 13:04
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-5507
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-11.40% / 93.30%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2009-3241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-6.19% / 90.48%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2018-5819
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.31%
||
7 Day CHG~0.00%
Published-20 Feb, 2019 | 18:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.

Action-Not Available
Vendor-librawFlexera Software LLCDebian GNU/Linux
Product-librawdebian_linuxLibRaw
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-5391
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-1.73% / 81.69%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.F5, Inc.Siemens AGLinux Kernel Organization, IncMicrosoft Corporation
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerenterprise_linux_server_euswindows_8.1big-ip_policy_enforcement_managerenterprise_linux_server_ausscalance_sc-600_firmwaresimatic_rf188_firmwareruggedcom_rm1224_firmwarebig-ip_local_traffic_managersimatic_net_cp_1243-7_lte_uswindows_10simatic_net_cp_1243-7_lte_us_firmwarescalance_w700_ieee_802.11a\/b\/g\/nsinema_remote_connect_serverenterprise_linux_workstationsimatic_net_cp_1243-1simatic_net_cp_1243-7_lte_eu_firmwaresimatic_rf185c_firmwarescalance_s615_firmwaresimatic_net_cp_1543sp-1enterprise_linux_desktopsimatic_net_cp_1543-1scalance_m-800_firmwaresimatic_net_cp_1242-7_firmwaresimatic_net_cp_1542sp-1_firmwarebig-ip_domain_name_systemsimatic_net_cp_1543sp-1_firmwarescalance_w1700_ieee_802.11ac_firmwareruggedcom_rox_iisimatic_net_cp_1542sp-1big-ip_edge_gatewaydebian_linuxlinux_kernelsimatic_net_cp_1543-1_firmwarescalance_sc-600simatic_net_cp_1242-7simatic_net_cp_1243-1_firmwarewindows_server_2008simatic_net_cp_1542sp-1_irc_firmwareenterprise_linux_serverwindows_server_2016windows_server_2012simatic_rf188big-ip_fraud_protection_serviceruggedcom_rox_ii_firmwarescalance_w700_ieee_802.11a\/b\/g\/n_firmwaresimatic_rf186c_firmwaresimatic_net_cp_1542sp-1_ircbig-ip_application_security_managerruggedcom_rm1224simatic_rf185cscalance_s615simatic_rf186cisimatic_net_cp_1243-8_ircbig-ip_access_policy_managersimatic_net_cp_1243-8_irc_firmwaresimatic_rf186ci_firmwaresimatic_rf188ci_firmwaresinema_remote_connect_server_firmwarewindows_rt_8.1big-ip_global_traffic_managerbig-ip_analyticssimatic_rf186cbig-ip_link_controllerscalance_w1700_ieee_802.11acwindows_7scalance_m-800enterprise_linux_server_tusbig-ip_advanced_firewall_managersimatic_rf188cisimatic_net_cp_1243-7_lte_euKernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5390
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-19.92% / 95.25%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Linux Kernel Organization, IncF5, Inc.A10 NetworksCisco Systems, Inc.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxtelepresence_video_communication_server_firmwarebig-ip_webacceleratortelepresence_conductor_firmwarebig-ip_application_acceleration_managerenterprise_linux_server_eusbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceenterprise_linux_server_ausmeeting_managementtelepresence_conductorbig-ip_local_traffic_managerbig-ip_application_security_managerwebex_hybrid_data_securitythreat_grid-cloudtelepresence_video_communication_serverenterprise_linux_workstationbig-ip_access_policy_managerenterprise_linux_desktopvirtualizationtraffix_systems_signaling_delivery_controlleradvanced_core_operating_systemaruba_airwave_ampbig-ip_global_traffic_managerexpressway_seriesaruba_clearpass_policy_managerbig-ip_analyticsbig-ip_domain_name_systemexpresswaybig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllercollaboration_meeting_roomsdigital_network_architecture_centerwebex_video_meshenterprise_linux_server_tusbig-ip_advanced_firewall_managernetwork_assurance_engineLinux Kernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-5143
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-15.81% / 94.48%
||
7 Day CHG~0.00%
Published-14 Jul, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoOracle CorporationDebian GNU/Linux
Product-debian_linuxdjangoubuntu_linuxsolarisn/a
CVE-2015-3808
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.27%
||
7 Day CHG~0.00%
Published-26 May, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2015-4047
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.59% / 87.30%
||
7 Day CHG~0.00%
Published-29 May, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

Action-Not Available
Vendor-ipsec-toolsn/aFedora ProjectDebian GNU/LinuxF5, Inc.Canonical Ltd.
Product-big-iq_devicebig-iq_adcbig-ip_protocol_security_managerbig-ip_analyticsenterprise_managerbig-iq_centralized_managementbig-ip_local_traffic_managerbig-ip_domain_name_systembig-iq_securitydebian_linuxbig-ip_advanced_firewall_managerbig-iq_cloudbig-ip_link_controllerbig-ip_edge_gatewayfedorabig-ip_application_acceleration_managerbig-ip_wan_optimization_managerubuntu_linuxbig-ip_application_security_managerbig-ip_global_traffic_managerbig-ip_webacceleratorbig-iq_cloud_and_orchestrationipsec-toolsbig-ip_policy_enforcement_managerbig-ip_access_policy_managern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-3810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.02%
||
7 Day CHG~0.00%
Published-26 May, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2015-1779
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-5.08% / 89.39%
||
7 Day CHG~0.00%
Published-12 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Fedora ProjectDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausqemuenterprise_linux_eusfedoraubuntu_linuxenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxlinuxvirtualizationn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2015-1414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.56% / 67.41%
||
7 Day CHG~0.00%
Published-27 Feb, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.

Action-Not Available
Vendor-netgaten/aDebian GNU/LinuxFreeBSD Foundation
Product-debian_linuxfreebsdpfsensen/a
CVE-2015-0202
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.99% / 82.88%
||
7 Day CHG~0.00%
Published-08 Apr, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.

Action-Not Available
Vendor-n/aThe Apache Software FoundationopenSUSE
Product-subversionopensusen/a
CVE-2015-0361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG~0.00%
Published-07 Jan, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.

Action-Not Available
Vendor-n/aXen ProjectopenSUSE
Product-opensusexenn/a
CVE-2014-9744
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.49% / 64.60%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.

Action-Not Available
Vendor-polarssln/aopenSUSE
Product-opensusepolarssln/a
CVE-2018-20843
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.69% / 90.04%
||
7 Day CHG~0.00%
Published-24 Jun, 2019 | 16:06
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Action-Not Available
Vendor-libexpat_projectn/aOracle CorporationopenSUSEDebian GNU/LinuxFedora ProjectTenable, Inc.Canonical Ltd.
Product-hospitality_res_3700outside_in_technologynessuslibexpatleapfedoradebian_linuxubuntu_linuxhttp_servern/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-20312
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.14%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 00:00
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-20309
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.61%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 00:00
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImagemMagick
CWE ID-CWE-369
Divide By Zero
CVE-2017-11411
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.03%
||
7 Day CHG~0.00%
Published-18 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-17 Feb, 2017 | 07:45
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found