wireshark-2.2.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10199-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z wireshark-2.2.2-1.1 on GA media These are all security issues fixed in the wireshark-2.2.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10199 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-1210/ SUSE CVE CVE-2009-1210 page https://www.suse.com/security/cve/CVE-2009-1267/ SUSE CVE CVE-2009-1267 page https://www.suse.com/security/cve/CVE-2009-1268/ SUSE CVE CVE-2009-1268 page https://www.suse.com/security/cve/CVE-2009-1269/ SUSE CVE CVE-2009-1269 page https://www.suse.com/security/cve/CVE-2009-3241/ SUSE CVE CVE-2009-3241 page https://www.suse.com/security/cve/CVE-2009-3242/ SUSE CVE CVE-2009-3242 page https://www.suse.com/security/cve/CVE-2009-3243/ SUSE CVE CVE-2009-3243 page https://www.suse.com/security/cve/CVE-2010-1455/ SUSE CVE CVE-2010-1455 page https://www.suse.com/security/cve/CVE-2010-2993/ SUSE CVE CVE-2010-2993 page https://www.suse.com/security/cve/CVE-2010-3445/ SUSE CVE CVE-2010-3445 page https://www.suse.com/security/cve/CVE-2010-4300/ SUSE CVE CVE-2010-4300 page https://www.suse.com/security/cve/CVE-2010-4301/ SUSE CVE CVE-2010-4301 page https://www.suse.com/security/cve/CVE-2010-4538/ SUSE CVE CVE-2010-4538 page https://www.suse.com/security/cve/CVE-2011-0024/ SUSE CVE CVE-2011-0024 page https://www.suse.com/security/cve/CVE-2011-0538/ SUSE CVE CVE-2011-0538 page https://www.suse.com/security/cve/CVE-2011-0713/ SUSE CVE CVE-2011-0713 page https://www.suse.com/security/cve/CVE-2011-1138/ SUSE CVE CVE-2011-1138 page https://www.suse.com/security/cve/CVE-2011-1139/ SUSE CVE CVE-2011-1139 page https://www.suse.com/security/cve/CVE-2011-1140/ SUSE CVE CVE-2011-1140 page https://www.suse.com/security/cve/CVE-2011-1143/ SUSE CVE CVE-2011-1143 page https://www.suse.com/security/cve/CVE-2011-1590/ SUSE CVE CVE-2011-1590 page https://www.suse.com/security/cve/CVE-2011-1591/ SUSE CVE CVE-2011-1591 page https://www.suse.com/security/cve/CVE-2011-1592/ SUSE CVE CVE-2011-1592 page https://www.suse.com/security/cve/CVE-2011-1957/ SUSE CVE CVE-2011-1957 page https://www.suse.com/security/cve/CVE-2011-1958/ SUSE CVE CVE-2011-1958 page https://www.suse.com/security/cve/CVE-2011-1959/ SUSE CVE CVE-2011-1959 page https://www.suse.com/security/cve/CVE-2011-2174/ SUSE CVE CVE-2011-2174 page https://www.suse.com/security/cve/CVE-2011-2175/ SUSE CVE CVE-2011-2175 page https://www.suse.com/security/cve/CVE-2011-2597/ SUSE CVE CVE-2011-2597 page https://www.suse.com/security/cve/CVE-2011-2698/ SUSE CVE CVE-2011-2698 page https://www.suse.com/security/cve/CVE-2011-3266/ SUSE CVE CVE-2011-3266 page https://www.suse.com/security/cve/CVE-2011-3360/ SUSE CVE CVE-2011-3360 page https://www.suse.com/security/cve/CVE-2011-3483/ SUSE CVE CVE-2011-3483 page https://www.suse.com/security/cve/CVE-2012-2392/ SUSE CVE CVE-2012-2392 page https://www.suse.com/security/cve/CVE-2012-2393/ SUSE CVE CVE-2012-2393 page https://www.suse.com/security/cve/CVE-2012-2394/ SUSE CVE CVE-2012-2394 page https://www.suse.com/security/cve/CVE-2012-3548/ SUSE CVE CVE-2012-3548 page https://www.suse.com/security/cve/CVE-2012-4048/ SUSE CVE CVE-2012-4048 page https://www.suse.com/security/cve/CVE-2012-4049/ SUSE CVE CVE-2012-4049 page https://www.suse.com/security/cve/CVE-2012-4285/ SUSE CVE CVE-2012-4285 page https://www.suse.com/security/cve/CVE-2012-4286/ SUSE CVE CVE-2012-4286 page https://www.suse.com/security/cve/CVE-2012-4287/ SUSE CVE CVE-2012-4287 page https://www.suse.com/security/cve/CVE-2012-4288/ SUSE CVE CVE-2012-4288 page https://www.suse.com/security/cve/CVE-2012-4289/ SUSE CVE CVE-2012-4289 page https://www.suse.com/security/cve/CVE-2012-4290/ SUSE CVE CVE-2012-4290 page https://www.suse.com/security/cve/CVE-2012-4291/ SUSE CVE CVE-2012-4291 page https://www.suse.com/security/cve/CVE-2012-4292/ SUSE CVE CVE-2012-4292 page https://www.suse.com/security/cve/CVE-2012-4293/ SUSE CVE CVE-2012-4293 page https://www.suse.com/security/cve/CVE-2012-4294/ SUSE CVE CVE-2012-4294 page https://www.suse.com/security/cve/CVE-2012-4295/ SUSE CVE CVE-2012-4295 page https://www.suse.com/security/cve/CVE-2012-4296/ SUSE CVE CVE-2012-4296 page https://www.suse.com/security/cve/CVE-2012-4297/ SUSE CVE CVE-2012-4297 page https://www.suse.com/security/cve/CVE-2012-4298/ SUSE CVE CVE-2012-4298 page https://www.suse.com/security/cve/CVE-2012-5237/ SUSE CVE CVE-2012-5237 page https://www.suse.com/security/cve/CVE-2012-5238/ SUSE CVE CVE-2012-5238 page https://www.suse.com/security/cve/CVE-2012-5239/ SUSE CVE CVE-2012-5239 page https://www.suse.com/security/cve/CVE-2012-5240/ SUSE CVE CVE-2012-5240 page https://www.suse.com/security/cve/CVE-2012-5592/ SUSE CVE CVE-2012-5592 page https://www.suse.com/security/cve/CVE-2012-5593/ SUSE CVE CVE-2012-5593 page https://www.suse.com/security/cve/CVE-2012-5594/ SUSE CVE CVE-2012-5594 page https://www.suse.com/security/cve/CVE-2012-5595/ SUSE CVE CVE-2012-5595 page https://www.suse.com/security/cve/CVE-2012-5596/ SUSE CVE CVE-2012-5596 page https://www.suse.com/security/cve/CVE-2012-5597/ SUSE CVE CVE-2012-5597 page https://www.suse.com/security/cve/CVE-2012-5598/ SUSE CVE CVE-2012-5598 page https://www.suse.com/security/cve/CVE-2012-5599/ SUSE CVE CVE-2012-5599 page https://www.suse.com/security/cve/CVE-2012-5600/ SUSE CVE CVE-2012-5600 page https://www.suse.com/security/cve/CVE-2012-5601/ SUSE CVE CVE-2012-5601 page https://www.suse.com/security/cve/CVE-2012-5602/ SUSE CVE CVE-2012-5602 page https://www.suse.com/security/cve/CVE-2013-1572/ SUSE CVE CVE-2013-1572 page https://www.suse.com/security/cve/CVE-2013-1573/ SUSE CVE CVE-2013-1573 page https://www.suse.com/security/cve/CVE-2013-1574/ SUSE CVE CVE-2013-1574 page https://www.suse.com/security/cve/CVE-2013-1575/ SUSE CVE CVE-2013-1575 page https://www.suse.com/security/cve/CVE-2013-1576/ SUSE CVE CVE-2013-1576 page https://www.suse.com/security/cve/CVE-2013-1577/ SUSE CVE CVE-2013-1577 page https://www.suse.com/security/cve/CVE-2013-1578/ SUSE CVE CVE-2013-1578 page https://www.suse.com/security/cve/CVE-2013-1579/ SUSE CVE CVE-2013-1579 page https://www.suse.com/security/cve/CVE-2013-1580/ SUSE CVE CVE-2013-1580 page https://www.suse.com/security/cve/CVE-2013-1581/ SUSE CVE CVE-2013-1581 page https://www.suse.com/security/cve/CVE-2013-1582/ SUSE CVE CVE-2013-1582 page https://www.suse.com/security/cve/CVE-2013-1583/ SUSE CVE CVE-2013-1583 page https://www.suse.com/security/cve/CVE-2013-1584/ SUSE CVE CVE-2013-1584 page https://www.suse.com/security/cve/CVE-2013-1585/ SUSE CVE CVE-2013-1585 page https://www.suse.com/security/cve/CVE-2013-1586/ SUSE CVE CVE-2013-1586 page https://www.suse.com/security/cve/CVE-2013-1587/ SUSE CVE CVE-2013-1587 page https://www.suse.com/security/cve/CVE-2013-1588/ SUSE CVE CVE-2013-1588 page https://www.suse.com/security/cve/CVE-2013-1589/ SUSE CVE CVE-2013-1589 page https://www.suse.com/security/cve/CVE-2013-1590/ SUSE CVE CVE-2013-1590 page https://www.suse.com/security/cve/CVE-2013-2475/ SUSE CVE CVE-2013-2475 page https://www.suse.com/security/cve/CVE-2013-2476/ SUSE CVE CVE-2013-2476 page https://www.suse.com/security/cve/CVE-2013-2477/ SUSE CVE CVE-2013-2477 page https://www.suse.com/security/cve/CVE-2013-2478/ SUSE CVE CVE-2013-2478 page https://www.suse.com/security/cve/CVE-2013-2479/ SUSE CVE CVE-2013-2479 page https://www.suse.com/security/cve/CVE-2013-2480/ SUSE CVE CVE-2013-2480 page https://www.suse.com/security/cve/CVE-2013-2481/ SUSE CVE CVE-2013-2481 page https://www.suse.com/security/cve/CVE-2013-2482/ SUSE CVE CVE-2013-2482 page https://www.suse.com/security/cve/CVE-2013-2483/ SUSE CVE CVE-2013-2483 page https://www.suse.com/security/cve/CVE-2013-2484/ SUSE CVE CVE-2013-2484 page https://www.suse.com/security/cve/CVE-2013-2485/ SUSE CVE CVE-2013-2485 page https://www.suse.com/security/cve/CVE-2013-2486/ SUSE CVE CVE-2013-2486 page https://www.suse.com/security/cve/CVE-2013-2487/ SUSE CVE CVE-2013-2487 page https://www.suse.com/security/cve/CVE-2013-2488/ SUSE CVE CVE-2013-2488 page https://www.suse.com/security/cve/CVE-2013-3555/ SUSE CVE CVE-2013-3555 page https://www.suse.com/security/cve/CVE-2013-3556/ SUSE CVE CVE-2013-3556 page https://www.suse.com/security/cve/CVE-2013-3557/ SUSE CVE CVE-2013-3557 page https://www.suse.com/security/cve/CVE-2013-3558/ SUSE CVE CVE-2013-3558 page https://www.suse.com/security/cve/CVE-2013-3559/ SUSE CVE CVE-2013-3559 page https://www.suse.com/security/cve/CVE-2013-3560/ SUSE CVE CVE-2013-3560 page https://www.suse.com/security/cve/CVE-2013-3561/ SUSE CVE CVE-2013-3561 page https://www.suse.com/security/cve/CVE-2013-3562/ SUSE CVE CVE-2013-3562 page https://www.suse.com/security/cve/CVE-2013-4083/ SUSE CVE CVE-2013-4083 page https://www.suse.com/security/cve/CVE-2013-4920/ SUSE CVE CVE-2013-4920 page https://www.suse.com/security/cve/CVE-2013-4921/ SUSE CVE CVE-2013-4921 page https://www.suse.com/security/cve/CVE-2013-4922/ SUSE CVE CVE-2013-4922 page https://www.suse.com/security/cve/CVE-2013-4923/ SUSE CVE CVE-2013-4923 page https://www.suse.com/security/cve/CVE-2013-4924/ SUSE CVE CVE-2013-4924 page https://www.suse.com/security/cve/CVE-2013-4925/ SUSE CVE CVE-2013-4925 page https://www.suse.com/security/cve/CVE-2013-4926/ SUSE CVE CVE-2013-4926 page https://www.suse.com/security/cve/CVE-2013-4927/ SUSE CVE CVE-2013-4927 page https://www.suse.com/security/cve/CVE-2013-4928/ SUSE CVE CVE-2013-4928 page https://www.suse.com/security/cve/CVE-2013-4929/ SUSE CVE CVE-2013-4929 page https://www.suse.com/security/cve/CVE-2013-4930/ SUSE CVE CVE-2013-4930 page https://www.suse.com/security/cve/CVE-2013-4931/ SUSE CVE CVE-2013-4931 page https://www.suse.com/security/cve/CVE-2013-4932/ SUSE CVE CVE-2013-4932 page https://www.suse.com/security/cve/CVE-2013-4933/ SUSE CVE CVE-2013-4933 page https://www.suse.com/security/cve/CVE-2013-4934/ SUSE CVE CVE-2013-4934 page https://www.suse.com/security/cve/CVE-2013-4935/ SUSE CVE CVE-2013-4935 page https://www.suse.com/security/cve/CVE-2013-4936/ SUSE CVE CVE-2013-4936 page https://www.suse.com/security/cve/CVE-2013-5717/ SUSE CVE CVE-2013-5717 page https://www.suse.com/security/cve/CVE-2013-5718/ SUSE CVE CVE-2013-5718 page https://www.suse.com/security/cve/CVE-2013-5719/ SUSE CVE CVE-2013-5719 page https://www.suse.com/security/cve/CVE-2013-5720/ SUSE CVE CVE-2013-5720 page https://www.suse.com/security/cve/CVE-2013-5721/ SUSE CVE CVE-2013-5721 page https://www.suse.com/security/cve/CVE-2013-5722/ SUSE CVE CVE-2013-5722 page https://www.suse.com/security/cve/CVE-2013-6336/ SUSE CVE CVE-2013-6336 page https://www.suse.com/security/cve/CVE-2013-6337/ SUSE CVE CVE-2013-6337 page https://www.suse.com/security/cve/CVE-2013-6338/ SUSE CVE CVE-2013-6338 page https://www.suse.com/security/cve/CVE-2013-6339/ SUSE CVE CVE-2013-6339 page https://www.suse.com/security/cve/CVE-2013-6340/ SUSE CVE CVE-2013-6340 page https://www.suse.com/security/cve/CVE-2013-7112/ SUSE CVE CVE-2013-7112 page https://www.suse.com/security/cve/CVE-2013-7113/ SUSE CVE CVE-2013-7113 page https://www.suse.com/security/cve/CVE-2013-7114/ SUSE CVE CVE-2013-7114 page https://www.suse.com/security/cve/CVE-2014-2281/ SUSE CVE CVE-2014-2281 page https://www.suse.com/security/cve/CVE-2014-2282/ SUSE CVE CVE-2014-2282 page https://www.suse.com/security/cve/CVE-2014-2283/ SUSE CVE CVE-2014-2283 page https://www.suse.com/security/cve/CVE-2014-2299/ SUSE CVE CVE-2014-2299 page https://www.suse.com/security/cve/CVE-2014-2907/ SUSE CVE CVE-2014-2907 page https://www.suse.com/security/cve/CVE-2014-4020/ SUSE CVE CVE-2014-4020 page https://www.suse.com/security/cve/CVE-2014-5161/ SUSE CVE CVE-2014-5161 page https://www.suse.com/security/cve/CVE-2014-5162/ SUSE CVE CVE-2014-5162 page https://www.suse.com/security/cve/CVE-2014-5163/ SUSE CVE CVE-2014-5163 page https://www.suse.com/security/cve/CVE-2014-5164/ SUSE CVE CVE-2014-5164 page https://www.suse.com/security/cve/CVE-2014-5165/ SUSE CVE CVE-2014-5165 page https://www.suse.com/security/cve/CVE-2014-6423/ SUSE CVE CVE-2014-6423 page https://www.suse.com/security/cve/CVE-2014-6424/ SUSE CVE CVE-2014-6424 page https://www.suse.com/security/cve/CVE-2014-6425/ SUSE CVE CVE-2014-6425 page https://www.suse.com/security/cve/CVE-2014-6426/ SUSE CVE CVE-2014-6426 page https://www.suse.com/security/cve/CVE-2014-6427/ SUSE CVE CVE-2014-6427 page https://www.suse.com/security/cve/CVE-2014-6428/ SUSE CVE CVE-2014-6428 page https://www.suse.com/security/cve/CVE-2014-6429/ SUSE CVE CVE-2014-6429 page https://www.suse.com/security/cve/CVE-2014-6430/ SUSE CVE CVE-2014-6430 page https://www.suse.com/security/cve/CVE-2014-6431/ SUSE CVE CVE-2014-6431 page https://www.suse.com/security/cve/CVE-2014-6432/ SUSE CVE CVE-2014-6432 page https://www.suse.com/security/cve/CVE-2014-8710/ SUSE CVE CVE-2014-8710 page https://www.suse.com/security/cve/CVE-2014-8711/ SUSE CVE CVE-2014-8711 page https://www.suse.com/security/cve/CVE-2014-8712/ SUSE CVE CVE-2014-8712 page https://www.suse.com/security/cve/CVE-2014-8713/ SUSE CVE CVE-2014-8713 page https://www.suse.com/security/cve/CVE-2014-8714/ SUSE CVE CVE-2014-8714 page https://www.suse.com/security/cve/CVE-2015-0559/ SUSE CVE CVE-2015-0559 page https://www.suse.com/security/cve/CVE-2015-0560/ SUSE CVE CVE-2015-0560 page https://www.suse.com/security/cve/CVE-2015-0561/ SUSE CVE CVE-2015-0561 page https://www.suse.com/security/cve/CVE-2015-0562/ SUSE CVE CVE-2015-0562 page https://www.suse.com/security/cve/CVE-2015-0563/ SUSE CVE CVE-2015-0563 page https://www.suse.com/security/cve/CVE-2015-0564/ SUSE CVE CVE-2015-0564 page https://www.suse.com/security/cve/CVE-2015-2187/ SUSE CVE CVE-2015-2187 page https://www.suse.com/security/cve/CVE-2015-2188/ SUSE CVE CVE-2015-2188 page https://www.suse.com/security/cve/CVE-2015-2189/ SUSE CVE CVE-2015-2189 page https://www.suse.com/security/cve/CVE-2015-2190/ SUSE CVE CVE-2015-2190 page https://www.suse.com/security/cve/CVE-2015-2191/ SUSE CVE CVE-2015-2191 page https://www.suse.com/security/cve/CVE-2015-2192/ SUSE CVE CVE-2015-2192 page https://www.suse.com/security/cve/CVE-2015-3808/ SUSE CVE CVE-2015-3808 page https://www.suse.com/security/cve/CVE-2015-3809/ SUSE CVE CVE-2015-3809 page https://www.suse.com/security/cve/CVE-2015-3810/ SUSE CVE CVE-2015-3810 page https://www.suse.com/security/cve/CVE-2015-3811/ SUSE CVE CVE-2015-3811 page https://www.suse.com/security/cve/CVE-2015-3812/ SUSE CVE CVE-2015-3812 page https://www.suse.com/security/cve/CVE-2015-3813/ SUSE CVE CVE-2015-3813 page https://www.suse.com/security/cve/CVE-2015-3814/ SUSE CVE CVE-2015-3814 page https://www.suse.com/security/cve/CVE-2015-3815/ SUSE CVE CVE-2015-3815 page https://www.suse.com/security/cve/CVE-2015-4651/ SUSE CVE CVE-2015-4651 page https://www.suse.com/security/cve/CVE-2015-4652/ SUSE CVE CVE-2015-4652 page https://www.suse.com/security/cve/CVE-2015-6241/ SUSE CVE CVE-2015-6241 page https://www.suse.com/security/cve/CVE-2015-6242/ SUSE CVE CVE-2015-6242 page https://www.suse.com/security/cve/CVE-2015-6243/ SUSE CVE CVE-2015-6243 page https://www.suse.com/security/cve/CVE-2015-6244/ SUSE CVE CVE-2015-6244 page https://www.suse.com/security/cve/CVE-2015-6245/ SUSE CVE CVE-2015-6245 page https://www.suse.com/security/cve/CVE-2015-6246/ SUSE CVE CVE-2015-6246 page https://www.suse.com/security/cve/CVE-2015-6247/ SUSE CVE CVE-2015-6247 page https://www.suse.com/security/cve/CVE-2015-6248/ SUSE CVE CVE-2015-6248 page https://www.suse.com/security/cve/CVE-2015-6249/ SUSE CVE CVE-2015-6249 page https://www.suse.com/security/cve/CVE-2015-7830/ SUSE CVE CVE-2015-7830 page https://www.suse.com/security/cve/CVE-2015-8711/ SUSE CVE CVE-2015-8711 page https://www.suse.com/security/cve/CVE-2015-8718/ SUSE CVE CVE-2015-8718 page https://www.suse.com/security/cve/CVE-2015-8720/ SUSE CVE CVE-2015-8720 page https://www.suse.com/security/cve/CVE-2015-8721/ SUSE CVE CVE-2015-8721 page https://www.suse.com/security/cve/CVE-2015-8722/ SUSE CVE CVE-2015-8722 page https://www.suse.com/security/cve/CVE-2015-8723/ SUSE CVE CVE-2015-8723 page https://www.suse.com/security/cve/CVE-2015-8724/ SUSE CVE CVE-2015-8724 page https://www.suse.com/security/cve/CVE-2015-8725/ SUSE CVE CVE-2015-8725 page https://www.suse.com/security/cve/CVE-2015-8726/ SUSE CVE CVE-2015-8726 page https://www.suse.com/security/cve/CVE-2015-8727/ SUSE CVE CVE-2015-8727 page https://www.suse.com/security/cve/CVE-2015-8728/ SUSE CVE CVE-2015-8728 page https://www.suse.com/security/cve/CVE-2015-8729/ SUSE CVE CVE-2015-8729 page https://www.suse.com/security/cve/CVE-2015-8730/ SUSE CVE CVE-2015-8730 page https://www.suse.com/security/cve/CVE-2015-8731/ SUSE CVE CVE-2015-8731 page https://www.suse.com/security/cve/CVE-2015-8732/ SUSE CVE CVE-2015-8732 page https://www.suse.com/security/cve/CVE-2015-8733/ SUSE CVE CVE-2015-8733 page https://www.suse.com/security/cve/CVE-2015-8734/ SUSE CVE CVE-2015-8734 page https://www.suse.com/security/cve/CVE-2015-8735/ SUSE CVE CVE-2015-8735 page https://www.suse.com/security/cve/CVE-2015-8736/ SUSE CVE CVE-2015-8736 page https://www.suse.com/security/cve/CVE-2015-8737/ SUSE CVE CVE-2015-8737 page https://www.suse.com/security/cve/CVE-2015-8738/ SUSE CVE CVE-2015-8738 page https://www.suse.com/security/cve/CVE-2015-8739/ SUSE CVE CVE-2015-8739 page https://www.suse.com/security/cve/CVE-2015-8740/ SUSE CVE CVE-2015-8740 page https://www.suse.com/security/cve/CVE-2015-8741/ SUSE CVE CVE-2015-8741 page https://www.suse.com/security/cve/CVE-2015-8742/ SUSE CVE CVE-2015-8742 page https://www.suse.com/security/cve/CVE-2016-2522/ SUSE CVE CVE-2016-2522 page https://www.suse.com/security/cve/CVE-2016-2523/ SUSE CVE CVE-2016-2523 page https://www.suse.com/security/cve/CVE-2016-2524/ SUSE CVE CVE-2016-2524 page https://www.suse.com/security/cve/CVE-2016-2525/ SUSE CVE CVE-2016-2525 page https://www.suse.com/security/cve/CVE-2016-2526/ SUSE CVE CVE-2016-2526 page https://www.suse.com/security/cve/CVE-2016-2527/ SUSE CVE CVE-2016-2527 page https://www.suse.com/security/cve/CVE-2016-2528/ SUSE CVE CVE-2016-2528 page https://www.suse.com/security/cve/CVE-2016-2529/ SUSE CVE CVE-2016-2529 page https://www.suse.com/security/cve/CVE-2016-2530/ SUSE CVE CVE-2016-2530 page https://www.suse.com/security/cve/CVE-2016-2531/ SUSE CVE CVE-2016-2531 page https://www.suse.com/security/cve/CVE-2016-2532/ SUSE CVE CVE-2016-2532 page https://www.suse.com/security/cve/CVE-2016-5350/ SUSE CVE CVE-2016-5350 page https://www.suse.com/security/cve/CVE-2016-5351/ SUSE CVE CVE-2016-5351 page https://www.suse.com/security/cve/CVE-2016-5352/ SUSE CVE CVE-2016-5352 page https://www.suse.com/security/cve/CVE-2016-5353/ SUSE CVE CVE-2016-5353 page https://www.suse.com/security/cve/CVE-2016-5354/ SUSE CVE CVE-2016-5354 page https://www.suse.com/security/cve/CVE-2016-5355/ SUSE CVE CVE-2016-5355 page https://www.suse.com/security/cve/CVE-2016-5356/ SUSE CVE CVE-2016-5356 page https://www.suse.com/security/cve/CVE-2016-5357/ SUSE CVE CVE-2016-5357 page https://www.suse.com/security/cve/CVE-2016-5358/ SUSE CVE CVE-2016-5358 page https://www.suse.com/security/cve/CVE-2016-6505/ SUSE CVE CVE-2016-6505 page https://www.suse.com/security/cve/CVE-2016-6508/ SUSE CVE CVE-2016-6508 page https://www.suse.com/security/cve/CVE-2016-6509/ SUSE CVE CVE-2016-6509 page https://www.suse.com/security/cve/CVE-2016-6510/ SUSE CVE CVE-2016-6510 page https://www.suse.com/security/cve/CVE-2016-6511/ SUSE CVE CVE-2016-6511 page https://www.suse.com/security/cve/CVE-2016-6512/ SUSE CVE CVE-2016-6512 page https://www.suse.com/security/cve/CVE-2016-6513/ SUSE CVE CVE-2016-6513 page https://www.suse.com/security/cve/CVE-2016-7175/ SUSE CVE CVE-2016-7175 page https://www.suse.com/security/cve/CVE-2016-7176/ SUSE CVE CVE-2016-7176 page https://www.suse.com/security/cve/CVE-2016-7177/ SUSE CVE CVE-2016-7177 page https://www.suse.com/security/cve/CVE-2016-7178/ SUSE CVE CVE-2016-7178 page https://www.suse.com/security/cve/CVE-2016-7179/ SUSE CVE CVE-2016-7179 page https://www.suse.com/security/cve/CVE-2016-7180/ SUSE CVE CVE-2016-7180 page https://www.suse.com/security/cve/CVE-2016-9372/ SUSE CVE CVE-2016-9372 page https://www.suse.com/security/cve/CVE-2016-9373/ SUSE CVE CVE-2016-9373 page https://www.suse.com/security/cve/CVE-2016-9374/ SUSE CVE CVE-2016-9374 page https://www.suse.com/security/cve/CVE-2016-9375/ SUSE CVE CVE-2016-9375 page https://www.suse.com/security/cve/CVE-2016-9376/ SUSE CVE CVE-2016-9376 page openSUSE Tumbleweed wireshark-2.2.2-1.1 wireshark-devel-2.2.2-1.1 wireshark-ui-gtk-2.2.2-1.1 wireshark-ui-qt-2.2.2-1.1 wireshark-2.2.2-1.1 as a component of openSUSE Tumbleweed wireshark-devel-2.2.2-1.1 as a component of openSUSE Tumbleweed wireshark-ui-gtk-2.2.2-1.1 as a component of openSUSE Tumbleweed wireshark-ui-qt-2.2.2-1.1 as a component of openSUSE Tumbleweed Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. CVE-2009-1210 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1210.html CVE-2009-1210 https://bugzilla.suse.com/491449 SUSE Bug 491449 https://bugzilla.suse.com/493584 SUSE Bug 493584 Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. CVE-2009-1267 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1267.html CVE-2009-1267 https://bugzilla.suse.com/493584 SUSE Bug 493584 The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. CVE-2009-1268 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1268.html CVE-2009-1268 https://bugzilla.suse.com/493584 SUSE Bug 493584 Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. CVE-2009-1269 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1269.html CVE-2009-1269 https://bugzilla.suse.com/493584 SUSE Bug 493584 Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. CVE-2009-3241 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3241.html CVE-2009-3241 https://bugzilla.suse.com/541654 SUSE Bug 541654 Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. CVE-2009-3242 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3242.html CVE-2009-3242 https://bugzilla.suse.com/541659 SUSE Bug 541659 Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. CVE-2009-3243 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3243.html CVE-2009-3243 https://bugzilla.suse.com/541655 SUSE Bug 541655 The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. CVE-2010-1455 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1455.html CVE-2010-1455 https://bugzilla.suse.com/603251 SUSE Bug 603251 The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. CVE-2010-2993 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2993.html CVE-2010-2993 https://bugzilla.suse.com/630599 SUSE Bug 630599 Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. CVE-2010-3445 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3445.html CVE-2010-3445 https://bugzilla.suse.com/643078 SUSE Bug 643078 Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. CVE-2010-4300 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4300.html CVE-2010-4300 https://bugzilla.suse.com/655448 SUSE Bug 655448 epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. CVE-2010-4301 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4301.html CVE-2010-4301 https://bugzilla.suse.com/655448 SUSE Bug 655448 Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. CVE-2010-4538 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4538.html CVE-2010-4538 https://bugzilla.suse.com/662029 SUSE Bug 662029 Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file. CVE-2011-0024 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0024.html CVE-2011-0024 https://bugzilla.suse.com/683335 SUSE Bug 683335 Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. CVE-2011-0538 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0538.html CVE-2011-0538 https://bugzilla.suse.com/669908 SUSE Bug 669908 Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. CVE-2011-0713 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0713.html CVE-2011-0713 https://bugzilla.suse.com/672916 SUSE Bug 672916 Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. CVE-2011-1138 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1138.html CVE-2011-1138 https://bugzilla.suse.com/678567 SUSE Bug 678567 wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field. CVE-2011-1139 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1139.html CVE-2011-1139 https://bugzilla.suse.com/678568 SUSE Bug 678568 Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet. CVE-2011-1140 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1140.html CVE-2011-1140 https://bugzilla.suse.com/678569 SUSE Bug 678569 epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. CVE-2011-1143 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1143.html CVE-2011-1143 https://bugzilla.suse.com/678571 SUSE Bug 678571 The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. CVE-2011-1590 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1590.html CVE-2011-1590 https://bugzilla.suse.com/688109 SUSE Bug 688109 Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. CVE-2011-1591 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1591.html CVE-2011-1591 https://bugzilla.suse.com/688109 SUSE Bug 688109 The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. CVE-2011-1592 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1592.html CVE-2011-1592 https://bugzilla.suse.com/688109 SUSE Bug 688109 The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. CVE-2011-1957 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1957.html CVE-2011-1957 https://bugzilla.suse.com/697516 SUSE Bug 697516 Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. CVE-2011-1958 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1958.html CVE-2011-1958 https://bugzilla.suse.com/697516 SUSE Bug 697516 The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. CVE-2011-1959 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1959.html CVE-2011-1959 https://bugzilla.suse.com/697516 SUSE Bug 697516 Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. CVE-2011-2174 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2174.html CVE-2011-2174 https://bugzilla.suse.com/697516 SUSE Bug 697516 Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. CVE-2011-2175 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2175.html CVE-2011-2175 https://bugzilla.suse.com/697516 SUSE Bug 697516 The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. CVE-2011-2597 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2597.html CVE-2011-2597 https://bugzilla.suse.com/706728 SUSE Bug 706728 Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. CVE-2011-2698 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2698.html CVE-2011-2698 https://bugzilla.suse.com/706728 SUSE Bug 706728 The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. CVE-2011-3266 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3266.html CVE-2011-3266 https://bugzilla.suse.com/718032 SUSE Bug 718032 Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. CVE-2011-3360 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3360.html CVE-2011-3360 https://bugzilla.suse.com/718032 SUSE Bug 718032 Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." CVE-2011-3483 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3483.html CVE-2011-3483 https://bugzilla.suse.com/718032 SUSE Bug 718032 Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. CVE-2012-2392 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2392.html CVE-2012-2392 https://bugzilla.suse.com/763634 SUSE Bug 763634 https://bugzilla.suse.com/763855 SUSE Bug 763855 https://bugzilla.suse.com/769578 SUSE Bug 769578 epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. CVE-2012-2393 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2393.html CVE-2012-2393 https://bugzilla.suse.com/763634 SUSE Bug 763634 https://bugzilla.suse.com/763855 SUSE Bug 763855 https://bugzilla.suse.com/763857 SUSE Bug 763857 Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. CVE-2012-2394 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2394.html CVE-2012-2394 https://bugzilla.suse.com/763634 SUSE Bug 763634 https://bugzilla.suse.com/763859 SUSE Bug 763859 The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. CVE-2012-3548 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3548.html CVE-2012-3548 https://bugzilla.suse.com/778000 SUSE Bug 778000 https://bugzilla.suse.com/783275 SUSE Bug 783275 The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. CVE-2012-4048 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4048.html CVE-2012-4048 https://bugzilla.suse.com/772738 SUSE Bug 772738 epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. CVE-2012-4049 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4049.html CVE-2012-4049 https://bugzilla.suse.com/772738 SUSE Bug 772738 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. CVE-2012-4285 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4285.html CVE-2012-4285 https://bugzilla.suse.com/776083 SUSE Bug 776083 The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. CVE-2012-4286 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4286.html CVE-2012-4286 https://bugzilla.suse.com/776083 SUSE Bug 776083 epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. CVE-2012-4287 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4287.html CVE-2012-4287 https://bugzilla.suse.com/776083 SUSE Bug 776083 Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. CVE-2012-4288 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4288.html CVE-2012-4288 https://bugzilla.suse.com/776083 SUSE Bug 776083 epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. CVE-2012-4289 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4289.html CVE-2012-4289 https://bugzilla.suse.com/776083 SUSE Bug 776083 The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. CVE-2012-4290 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4290.html CVE-2012-4290 https://bugzilla.suse.com/776083 SUSE Bug 776083 The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. CVE-2012-4291 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4291.html CVE-2012-4291 https://bugzilla.suse.com/776083 SUSE Bug 776083 The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2012-4292 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4292.html CVE-2012-4292 https://bugzilla.suse.com/776083 SUSE Bug 776083 plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. CVE-2012-4293 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4293.html CVE-2012-4293 https://bugzilla.suse.com/776083 SUSE Bug 776083 Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. CVE-2012-4294 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4294.html CVE-2012-4294 https://bugzilla.suse.com/776083 SUSE Bug 776083 Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. CVE-2012-4295 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4295.html CVE-2012-4295 https://bugzilla.suse.com/776083 SUSE Bug 776083 Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. CVE-2012-4296 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4296.html CVE-2012-4296 https://bugzilla.suse.com/776083 SUSE Bug 776083 Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. CVE-2012-4297 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4297.html CVE-2012-4297 https://bugzilla.suse.com/776083 SUSE Bug 776083 Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow. CVE-2012-4298 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5.4 AV:A/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-4298.html CVE-2012-4298 https://bugzilla.suse.com/776083 SUSE Bug 776083 The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2012-5237 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5237.html CVE-2012-5237 https://bugzilla.suse.com/783275 SUSE Bug 783275 epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. CVE-2012-5238 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5238.html CVE-2012-5238 https://bugzilla.suse.com/783275 SUSE Bug 783275 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candidate is a reservation duplicate of CVE-2012-3548. Notes: All CVE users should reference CVE-2012-3548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5239 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5239.html CVE-2012-5239 https://bugzilla.suse.com/783275 SUSE Bug 783275 Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. CVE-2012-5240 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5240.html CVE-2012-5240 https://bugzilla.suse.com/783275 SUSE Bug 783275 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6052. Reason: This candidate is a reservation duplicate of CVE-2012-6052. Notes: All CVE users should reference CVE-2012-6052 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5592 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5592.html CVE-2012-5592 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6053. Reason: This candidate is a reservation duplicate of CVE-2012-6053. Notes: All CVE users should reference CVE-2012-6053 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5593 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5593.html CVE-2012-5593 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5594 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5594.html CVE-2012-5594 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate is a reservation duplicate of CVE-2012-6056. Notes: All CVE users should reference CVE-2012-6056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5595 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5595.html CVE-2012-5595 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6057. Reason: This candidate is a reservation duplicate of CVE-2012-6057. Notes: All CVE users should reference CVE-2012-6057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5596 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5596.html CVE-2012-5596 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6059. Reason: This candidate is a reservation duplicate of CVE-2012-6059. Notes: All CVE users should reference CVE-2012-6059 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5597 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5597.html CVE-2012-5597 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6060. Reason: This candidate is a reservation duplicate of CVE-2012-6060. Notes: All CVE users should reference CVE-2012-6060 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5598 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5598.html CVE-2012-5598 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate is a reservation duplicate of CVE-2012-6061. Notes: All CVE users should reference CVE-2012-6061 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5599 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5599.html CVE-2012-5599 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6062. Reason: This candidate is a reservation duplicate of CVE-2012-6062. Notes: All CVE users should reference CVE-2012-6062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5600 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5600.html CVE-2012-5600 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6055. Reason: This candidate is a reservation duplicate of CVE-2012-6055. Notes: All CVE users should reference CVE-2012-6055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5601 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5601.html CVE-2012-5601 https://bugzilla.suse.com/792005 SUSE Bug 792005 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6058. Reason: This candidate is a reservation duplicate of CVE-2012-6058. Notes: All CVE users should reference CVE-2012-6058 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2012-5602 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-5602.html CVE-2012-5602 https://bugzilla.suse.com/792005 SUSE Bug 792005 The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-1572 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1572.html CVE-2013-1572 https://bugzilla.suse.com/801131 SUSE Bug 801131 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-1573 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1573.html CVE-2013-1573 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-1574 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1574.html CVE-2013-1574 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-1575 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1575.html CVE-2013-1575 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-1576 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1576.html CVE-2013-1576 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-1577 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1577.html CVE-2013-1577 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. CVE-2013-1578 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1578.html CVE-2013-1578 https://bugzilla.suse.com/801131 SUSE Bug 801131 The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-1579 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1579.html CVE-2013-1579 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-1580 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1580.html CVE-2013-1580 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. CVE-2013-1581 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1581.html CVE-2013-1581 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. CVE-2013-1582 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1582.html CVE-2013-1582 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-1583 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1583.html CVE-2013-1583 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-1584 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1584.html CVE-2013-1584 https://bugzilla.suse.com/801131 SUSE Bug 801131 epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-1585 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1585.html CVE-2013-1585 https://bugzilla.suse.com/801131 SUSE Bug 801131 The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-1586 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1586.html CVE-2013-1586 https://bugzilla.suse.com/801131 SUSE Bug 801131 The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-1587 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1587.html CVE-2013-1587 https://bugzilla.suse.com/801131 SUSE Bug 801131 Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-1588 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1588.html CVE-2013-1588 https://bugzilla.suse.com/801131 SUSE Bug 801131 Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-1589 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1589.html CVE-2013-1589 https://bugzilla.suse.com/801131 SUSE Bug 801131 Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-1590 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1590.html CVE-2013-1590 https://bugzilla.suse.com/801131 SUSE Bug 801131 The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-2475 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2475.html CVE-2013-2475 https://bugzilla.suse.com/807942 SUSE Bug 807942 The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. CVE-2013-2476 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 6.1 AV:A/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2476.html CVE-2013-2476 https://bugzilla.suse.com/807942 SUSE Bug 807942 The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-2477 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2477.html CVE-2013-2477 https://bugzilla.suse.com/807942 SUSE Bug 807942 The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. CVE-2013-2478 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2478.html CVE-2013-2478 https://bugzilla.suse.com/807942 SUSE Bug 807942 The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. CVE-2013-2479 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2479.html CVE-2013-2479 https://bugzilla.suse.com/807942 SUSE Bug 807942 The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-2480 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2480.html CVE-2013-2480 https://bugzilla.suse.com/807942 SUSE Bug 807942 Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. CVE-2013-2481 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2481.html CVE-2013-2481 https://bugzilla.suse.com/807942 SUSE Bug 807942 The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-2482 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 6.1 AV:A/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2482.html CVE-2013-2482 https://bugzilla.suse.com/807942 SUSE Bug 807942 The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. CVE-2013-2483 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2483.html CVE-2013-2483 https://bugzilla.suse.com/807942 SUSE Bug 807942 The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-2484 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2484.html CVE-2013-2484 https://bugzilla.suse.com/807942 SUSE Bug 807942 The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2013-2485 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 6.1 AV:A/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2485.html CVE-2013-2485 https://bugzilla.suse.com/807942 SUSE Bug 807942 The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. CVE-2013-2486 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 6.1 AV:A/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2486.html CVE-2013-2486 https://bugzilla.suse.com/807942 SUSE Bug 807942 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. CVE-2013-2487 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2487.html CVE-2013-2487 https://bugzilla.suse.com/807942 SUSE Bug 807942 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location. CVE-2013-2488 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2488.html CVE-2013-2488 https://bugzilla.suse.com/807942 SUSE Bug 807942 epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3555 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-3555.html CVE-2013-3555 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3556 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-3556.html CVE-2013-3556 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3557 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-3557.html CVE-2013-3557 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3558 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-3558.html CVE-2013-3558 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. CVE-2013-3559 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-3559.html CVE-2013-3559 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3560 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-3560.html CVE-2013-3560 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. CVE-2013-3561 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-3561.html CVE-2013-3561 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. CVE-2013-3562 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-3562.html CVE-2013-3562 https://bugzilla.suse.com/820566 SUSE Bug 820566 https://bugzilla.suse.com/820973 SUSE Bug 820973 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4083 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4083.html CVE-2013-4083 https://bugzilla.suse.com/824900 SUSE Bug 824900 https://bugzilla.suse.com/831718 SUSE Bug 831718 The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4920 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4920.html CVE-2013-4920 https://bugzilla.suse.com/831718 SUSE Bug 831718 Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4921 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4921.html CVE-2013-4921 https://bugzilla.suse.com/831718 SUSE Bug 831718 Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4922 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4922.html CVE-2013-4922 https://bugzilla.suse.com/831718 SUSE Bug 831718 Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. CVE-2013-4923 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4923.html CVE-2013-4923 https://bugzilla.suse.com/831718 SUSE Bug 831718 epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVE-2013-4924 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4924.html CVE-2013-4924 https://bugzilla.suse.com/831718 SUSE Bug 831718 Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet. CVE-2013-4925 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4925.html CVE-2013-4925 https://bugzilla.suse.com/831718 SUSE Bug 831718 epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4926 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4926.html CVE-2013-4926 https://bugzilla.suse.com/831718 SUSE Bug 831718 Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. CVE-2013-4927 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4927.html CVE-2013-4927 https://bugzilla.suse.com/831718 SUSE Bug 831718 Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2013-4928 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4928.html CVE-2013-4928 https://bugzilla.suse.com/831718 SUSE Bug 831718 The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. CVE-2013-4929 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4929.html CVE-2013-4929 https://bugzilla.suse.com/831718 SUSE Bug 831718 The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVE-2013-4930 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4930.html CVE-2013-4930 https://bugzilla.suse.com/831718 SUSE Bug 831718 epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. CVE-2013-4931 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4931.html CVE-2013-4931 https://bugzilla.suse.com/831718 SUSE Bug 831718 Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4932 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4932.html CVE-2013-4932 https://bugzilla.suse.com/831718 SUSE Bug 831718 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. CVE-2013-4933 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4933.html CVE-2013-4933 https://bugzilla.suse.com/831718 SUSE Bug 831718 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. CVE-2013-4934 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4934.html CVE-2013-4934 https://bugzilla.suse.com/831718 SUSE Bug 831718 The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-4935 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4935.html CVE-2013-4935 https://bugzilla.suse.com/831718 SUSE Bug 831718 The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVE-2013-4936 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4936.html CVE-2013-4936 https://bugzilla.suse.com/831718 SUSE Bug 831718 The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. CVE-2013-5717 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5717.html CVE-2013-5717 https://bugzilla.suse.com/839607 SUSE Bug 839607 The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-5718 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5718.html CVE-2013-5718 https://bugzilla.suse.com/839607 SUSE Bug 839607 epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2013-5719 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5719.html CVE-2013-5719 https://bugzilla.suse.com/839607 SUSE Bug 839607 Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-5720 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5720.html CVE-2013-5720 https://bugzilla.suse.com/839607 SUSE Bug 839607 The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-5721 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5721.html CVE-2013-5721 https://bugzilla.suse.com/839607 SUSE Bug 839607 Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-5722 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-5722.html CVE-2013-5722 https://bugzilla.suse.com/839607 SUSE Bug 839607 The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-6336 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6336.html CVE-2013-6336 https://bugzilla.suse.com/848738 SUSE Bug 848738 Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-6337 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6337.html CVE-2013-6337 https://bugzilla.suse.com/848738 SUSE Bug 848738 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-6338 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6338.html CVE-2013-6338 https://bugzilla.suse.com/848738 SUSE Bug 848738 The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. CVE-2013-6339 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6339.html CVE-2013-6339 https://bugzilla.suse.com/848738 SUSE Bug 848738 epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-6340 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6340.html CVE-2013-6340 https://bugzilla.suse.com/848738 SUSE Bug 848738 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2013-7112 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7112.html CVE-2013-7112 https://bugzilla.suse.com/856498 SUSE Bug 856498 epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2013-7113 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7113.html CVE-2013-7113 https://bugzilla.suse.com/856495 SUSE Bug 856495 Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. CVE-2013-7114 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 7.8 AV:N/AC:M/Au:N/C:N/I:P/A:C 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7114.html CVE-2013-7114 https://bugzilla.suse.com/856496 SUSE Bug 856496 The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. CVE-2014-2281 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2281.html CVE-2014-2281 https://bugzilla.suse.com/867485 SUSE Bug 867485 The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. CVE-2014-2282 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2282.html CVE-2014-2282 https://bugzilla.suse.com/867485 SUSE Bug 867485 epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. CVE-2014-2283 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2283.html CVE-2014-2283 https://bugzilla.suse.com/867485 SUSE Bug 867485 Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. CVE-2014-2299 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2299.html CVE-2014-2299 https://bugzilla.suse.com/867485 SUSE Bug 867485 The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2014-2907 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2907.html CVE-2014-2907 https://bugzilla.suse.com/874693 SUSE Bug 874693 https://bugzilla.suse.com/874760 SUSE Bug 874760 The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2014-4020 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4020.html CVE-2014-4020 https://bugzilla.suse.com/882602 SUSE Bug 882602 The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. CVE-2014-5161 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5161.html CVE-2014-5161 https://bugzilla.suse.com/889854 SUSE Bug 889854 https://bugzilla.suse.com/889901 SUSE Bug 889901 The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. CVE-2014-5162 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5162.html CVE-2014-5162 https://bugzilla.suse.com/889854 SUSE Bug 889854 https://bugzilla.suse.com/889901 SUSE Bug 889901 The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2014-5163 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5163.html CVE-2014-5163 https://bugzilla.suse.com/889854 SUSE Bug 889854 https://bugzilla.suse.com/889906 SUSE Bug 889906 The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2014-5164 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5164.html CVE-2014-5164 https://bugzilla.suse.com/889854 SUSE Bug 889854 https://bugzilla.suse.com/889900 SUSE Bug 889900 The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. CVE-2014-5165 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5165.html CVE-2014-5165 https://bugzilla.suse.com/889854 SUSE Bug 889854 https://bugzilla.suse.com/889899 SUSE Bug 889899 The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. CVE-2014-6423 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6423.html CVE-2014-6423 https://bugzilla.suse.com/897055 SUSE Bug 897055 The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. CVE-2014-6424 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6424.html CVE-2014-6424 https://bugzilla.suse.com/897055 SUSE Bug 897055 The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. CVE-2014-6425 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6425.html CVE-2014-6425 The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2014-6426 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6426.html CVE-2014-6426 Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. CVE-2014-6427 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6427.html CVE-2014-6427 https://bugzilla.suse.com/897055 SUSE Bug 897055 The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2014-6428 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6428.html CVE-2014-6428 https://bugzilla.suse.com/897055 SUSE Bug 897055 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2014-6429 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6429.html CVE-2014-6429 https://bugzilla.suse.com/897055 SUSE Bug 897055 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2014-6430 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6430.html CVE-2014-6430 https://bugzilla.suse.com/897055 SUSE Bug 897055 Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. CVE-2014-6431 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6431.html CVE-2014-6431 https://bugzilla.suse.com/897055 SUSE Bug 897055 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2014-6432 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-6432.html CVE-2014-6432 https://bugzilla.suse.com/897055 SUSE Bug 897055 The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVE-2014-8710 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8710.html CVE-2014-8710 https://bugzilla.suse.com/905246 SUSE Bug 905246 Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. CVE-2014-8711 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8711.html CVE-2014-8711 https://bugzilla.suse.com/905245 SUSE Bug 905245 The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2014-8712 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8712.html CVE-2014-8712 https://bugzilla.suse.com/905248 SUSE Bug 905248 Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2014-8713 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8713.html CVE-2014-8713 https://bugzilla.suse.com/905248 SUSE Bug 905248 The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2014-8714 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8714.html CVE-2014-8714 https://bugzilla.suse.com/905247 SUSE Bug 905247 Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVE-2015-0559 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0559.html CVE-2015-0559 https://bugzilla.suse.com/912365 SUSE Bug 912365 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-0560 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0560.html CVE-2015-0560 https://bugzilla.suse.com/912365 SUSE Bug 912365 asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. CVE-2015-0561 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0561.html CVE-2015-0561 https://bugzilla.suse.com/912368 SUSE Bug 912368 Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. CVE-2015-0562 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0562.html CVE-2015-0562 https://bugzilla.suse.com/912369 SUSE Bug 912369 epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-0563 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0563.html CVE-2015-0563 https://bugzilla.suse.com/912370 SUSE Bug 912370 Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. CVE-2015-0564 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0564.html CVE-2015-0564 https://bugzilla.suse.com/912372 SUSE Bug 912372 The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. CVE-2015-2187 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2187.html CVE-2015-2187 https://bugzilla.suse.com/920695 SUSE Bug 920695 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. CVE-2015-2188 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2188.html CVE-2015-2188 https://bugzilla.suse.com/920696 SUSE Bug 920696 Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. CVE-2015-2189 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2189.html CVE-2015-2189 https://bugzilla.suse.com/920697 SUSE Bug 920697 epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. CVE-2015-2190 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2190.html CVE-2015-2190 https://bugzilla.suse.com/920698 SUSE Bug 920698 Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. CVE-2015-2191 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2191.html CVE-2015-2191 https://bugzilla.suse.com/920699 SUSE Bug 920699 Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. CVE-2015-2192 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2192.html CVE-2015-2192 https://bugzilla.suse.com/920700 SUSE Bug 920700 The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-3808 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3808.html CVE-2015-3808 https://bugzilla.suse.com/930689 SUSE Bug 930689 The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-3809 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3809.html CVE-2015-3809 https://bugzilla.suse.com/930689 SUSE Bug 930689 epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. CVE-2015-3810 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3810.html CVE-2015-3810 https://bugzilla.suse.com/930689 SUSE Bug 930689 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. CVE-2015-3811 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3811.html CVE-2015-3811 https://bugzilla.suse.com/930689 SUSE Bug 930689 https://bugzilla.suse.com/930691 SUSE Bug 930691 Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVE-2015-3812 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3812.html CVE-2015-3812 https://bugzilla.suse.com/930689 SUSE Bug 930689 https://bugzilla.suse.com/930691 SUSE Bug 930691 The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. CVE-2015-3813 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3813.html CVE-2015-3813 https://bugzilla.suse.com/930689 SUSE Bug 930689 The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-3814 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3814.html CVE-2015-3814 https://bugzilla.suse.com/930689 SUSE Bug 930689 https://bugzilla.suse.com/930691 SUSE Bug 930691 The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. CVE-2015-3815 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3815.html CVE-2015-3815 https://bugzilla.suse.com/930689 SUSE Bug 930689 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-4651 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4651.html CVE-2015-4651 https://bugzilla.suse.com/935157 SUSE Bug 935157 epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. CVE-2015-4652 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-4652.html CVE-2015-4652 https://bugzilla.suse.com/935158 SUSE Bug 935158 The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-6241 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6241.html CVE-2015-6241 https://bugzilla.suse.com/941500 SUSE Bug 941500 The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. CVE-2015-6242 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6242.html CVE-2015-6242 https://bugzilla.suse.com/941500 SUSE Bug 941500 The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. CVE-2015-6243 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6243.html CVE-2015-6243 https://bugzilla.suse.com/941500 SUSE Bug 941500 The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-6244 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6244.html CVE-2015-6244 https://bugzilla.suse.com/941500 SUSE Bug 941500 epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-6245 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6245.html CVE-2015-6245 https://bugzilla.suse.com/941500 SUSE Bug 941500 The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-6246 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6246.html CVE-2015-6246 https://bugzilla.suse.com/941500 SUSE Bug 941500 The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2015-6247 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6247.html CVE-2015-6247 https://bugzilla.suse.com/941500 SUSE Bug 941500 The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-6248 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6248.html CVE-2015-6248 https://bugzilla.suse.com/941500 SUSE Bug 941500 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-6249 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-6249.html CVE-2015-6249 https://bugzilla.suse.com/941500 SUSE Bug 941500 The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. CVE-2015-7830 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-7830.html CVE-2015-7830 https://bugzilla.suse.com/950437 SUSE Bug 950437 https://bugzilla.suse.com/960382 SUSE Bug 960382 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVE-2015-8711 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8711.html CVE-2015-8711 https://bugzilla.suse.com/960382 SUSE Bug 960382 Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-8718 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8718.html CVE-2015-8718 https://bugzilla.suse.com/960382 SUSE Bug 960382 The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-8720 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8720.html CVE-2015-8720 https://bugzilla.suse.com/960382 SUSE Bug 960382 Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. CVE-2015-8721 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8721.html CVE-2015-8721 https://bugzilla.suse.com/960382 SUSE Bug 960382 epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. CVE-2015-8722 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8722.html CVE-2015-8722 https://bugzilla.suse.com/960382 SUSE Bug 960382 The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVE-2015-8723 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8723.html CVE-2015-8723 https://bugzilla.suse.com/960382 SUSE Bug 960382 The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVE-2015-8724 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8724.html CVE-2015-8724 https://bugzilla.suse.com/960382 SUSE Bug 960382 The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVE-2015-8725 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8725.html CVE-2015-8725 https://bugzilla.suse.com/960382 SUSE Bug 960382 wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVE-2015-8726 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8726.html CVE-2015-8726 https://bugzilla.suse.com/960382 SUSE Bug 960382 The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. CVE-2015-8727 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8727.html CVE-2015-8727 https://bugzilla.suse.com/960382 SUSE Bug 960382 The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. CVE-2015-8728 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8728.html CVE-2015-8728 https://bugzilla.suse.com/960382 SUSE Bug 960382 The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVE-2015-8729 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8729.html CVE-2015-8729 https://bugzilla.suse.com/960382 SUSE Bug 960382 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. CVE-2015-8730 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8730.html CVE-2015-8730 https://bugzilla.suse.com/960382 SUSE Bug 960382 The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVE-2015-8731 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8731.html CVE-2015-8731 https://bugzilla.suse.com/960382 SUSE Bug 960382 The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVE-2015-8732 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8732.html CVE-2015-8732 https://bugzilla.suse.com/960382 SUSE Bug 960382 The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVE-2015-8733 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8733.html CVE-2015-8733 https://bugzilla.suse.com/960382 SUSE Bug 960382 The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-8734 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8734.html CVE-2015-8734 The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet. CVE-2015-8735 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8735.html CVE-2015-8735 The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. CVE-2015-8736 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8736.html CVE-2015-8736 The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. CVE-2015-8737 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8737.html CVE-2015-8737 The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. CVE-2015-8738 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8738.html CVE-2015-8738 The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. CVE-2015-8739 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8739.html CVE-2015-8739 The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVE-2015-8740 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8740.html CVE-2015-8740 The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-8741 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8741.html CVE-2015-8741 The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. CVE-2015-8742 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8742.html CVE-2015-8742 The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVE-2016-2522 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2522.html CVE-2016-2522 https://bugzilla.suse.com/968565 SUSE Bug 968565 The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2016-2523 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2523.html CVE-2016-2523 https://bugzilla.suse.com/968565 SUSE Bug 968565 epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2016-2524 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2524.html CVE-2016-2524 https://bugzilla.suse.com/968565 SUSE Bug 968565 epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. CVE-2016-2525 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2525.html CVE-2016-2525 https://bugzilla.suse.com/968565 SUSE Bug 968565 epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVE-2016-2526 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2526.html CVE-2016-2526 https://bugzilla.suse.com/968565 SUSE Bug 968565 wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. CVE-2016-2527 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2527.html CVE-2016-2527 https://bugzilla.suse.com/968565 SUSE Bug 968565 The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVE-2016-2528 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2528.html CVE-2016-2528 https://bugzilla.suse.com/968565 SUSE Bug 968565 The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. CVE-2016-2529 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2529.html CVE-2016-2529 https://bugzilla.suse.com/968565 SUSE Bug 968565 The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. CVE-2016-2530 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2530.html CVE-2016-2530 https://bugzilla.suse.com/968565 SUSE Bug 968565 Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. CVE-2016-2531 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2531.html CVE-2016-2531 https://bugzilla.suse.com/968565 SUSE Bug 968565 The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. CVE-2016-2532 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2532.html CVE-2016-2532 https://bugzilla.suse.com/968565 SUSE Bug 968565 epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. CVE-2016-5350 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5350.html CVE-2016-5350 https://bugzilla.suse.com/983671 SUSE Bug 983671 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2016-5351 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5351.html CVE-2016-5351 https://bugzilla.suse.com/983671 SUSE Bug 983671 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2016-5352 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5352.html CVE-2016-5352 https://bugzilla.suse.com/983671 SUSE Bug 983671 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2016-5353 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5353.html CVE-2016-5353 https://bugzilla.suse.com/983671 SUSE Bug 983671 The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2016-5354 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5354.html CVE-2016-5354 https://bugzilla.suse.com/983671 SUSE Bug 983671 wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2016-5355 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5355.html CVE-2016-5355 https://bugzilla.suse.com/983671 SUSE Bug 983671 wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2016-5356 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5356.html CVE-2016-5356 https://bugzilla.suse.com/983671 SUSE Bug 983671 wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. CVE-2016-5357 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5357.html CVE-2016-5357 https://bugzilla.suse.com/983671 SUSE Bug 983671 epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2016-5358 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5358.html CVE-2016-5358 https://bugzilla.suse.com/983671 SUSE Bug 983671 epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. CVE-2016-6505 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6505.html CVE-2016-6505 https://bugzilla.suse.com/991013 SUSE Bug 991013 epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. CVE-2016-6508 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6508.html CVE-2016-6508 https://bugzilla.suse.com/991017 SUSE Bug 991017 epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2016-6509 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6509.html CVE-2016-6509 https://bugzilla.suse.com/991018 SUSE Bug 991018 Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. CVE-2016-6510 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6510.html CVE-2016-6510 https://bugzilla.suse.com/991019 SUSE Bug 991019 epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. CVE-2016-6511 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6511.html CVE-2016-6511 https://bugzilla.suse.com/991020 SUSE Bug 991020 epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. CVE-2016-6512 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6512.html CVE-2016-6512 https://bugzilla.suse.com/991021 SUSE Bug 991021 epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2016-6513 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6513.html CVE-2016-6513 https://bugzilla.suse.com/991022 SUSE Bug 991022 epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. CVE-2016-7175 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7175.html CVE-2016-7175 https://bugzilla.suse.com/998099 SUSE Bug 998099 https://bugzilla.suse.com/998761 SUSE Bug 998761 epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. CVE-2016-7176 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7176.html CVE-2016-7176 https://bugzilla.suse.com/998099 SUSE Bug 998099 https://bugzilla.suse.com/998762 SUSE Bug 998762 epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. CVE-2016-7177 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7177.html CVE-2016-7177 https://bugzilla.suse.com/998099 SUSE Bug 998099 https://bugzilla.suse.com/998763 SUSE Bug 998763 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. CVE-2016-7178 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7178.html CVE-2016-7178 https://bugzilla.suse.com/998099 SUSE Bug 998099 https://bugzilla.suse.com/998964 SUSE Bug 998964 Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2016-7179 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7179.html CVE-2016-7179 https://bugzilla.suse.com/998099 SUSE Bug 998099 https://bugzilla.suse.com/998963 SUSE Bug 998963 epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. CVE-2016-7180 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7180.html CVE-2016-7180 https://bugzilla.suse.com/998099 SUSE Bug 998099 https://bugzilla.suse.com/998800 SUSE Bug 998800 In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. CVE-2016-9372 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9372.html CVE-2016-9372 https://bugzilla.suse.com/1010807 SUSE Bug 1010807 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. CVE-2016-9373 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9373.html CVE-2016-9373 https://bugzilla.suse.com/1010754 SUSE Bug 1010754 https://bugzilla.suse.com/1010911 SUSE Bug 1010911 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. CVE-2016-9374 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9374.html CVE-2016-9374 https://bugzilla.suse.com/1010752 SUSE Bug 1010752 https://bugzilla.suse.com/1010911 SUSE Bug 1010911 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. CVE-2016-9375 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9375.html CVE-2016-9375 https://bugzilla.suse.com/1010740 SUSE Bug 1010740 https://bugzilla.suse.com/1010911 SUSE Bug 1010911 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. CVE-2016-9376 openSUSE Tumbleweed:wireshark-2.2.2-1.1 openSUSE Tumbleweed:wireshark-devel-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-gtk-2.2.2-1.1 openSUSE Tumbleweed:wireshark-ui-qt-2.2.2-1.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9376.html CVE-2016-9376 https://bugzilla.suse.com/1010735 SUSE Bug 1010735 https://bugzilla.suse.com/1010911 SUSE Bug 1010911