Download
| Alert*
oval:org.secpod.oval:def:62423
The host is missing a security update according to Wireshark Advisory. The update is required to fix a denial-of-service vulnerability. A flaw is present in the application, which fails to properly handle a malformed packet. Successful exploitation allows attackers to make Wireshark crash. oval:org.secpod.oval:def:62422 The host is installed with Wireshark 2.6.0 before 2.6.16, 3.0.0 before 3.0.10 or 3.2.0 before 3.2.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a malformed packet. Successful exploitation allows attackers to make Wireshark c ... oval:org.secpod.oval:def:1801733 It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, 2.6.0 to 2.6.15 Fixed versions: 3.2.3, 3.0.10, 2.6.16 oval:org.secpod.oval:def:89050216 This update for wireshark fixes the following issues: - Wireshark to 3.2.5: * CVE-2020-15466: GVCP dissector infinite loop * CVE-2020-13164: NFS dissector crash * CVE-2020-11647: The BACapp dissector could crash - Further features, bug fixes and updated protocol support as listed in: https://www. ... oval:org.secpod.oval:def:64010 Oracle Solaris 11 - ( CVE-2020-11647 ) oval:org.secpod.oval:def:62430 The host is installed with Wireshark 2.6.0 before 2.6.16, 3.0.0 before 3.0.10 or 3.2.0 before 3.2.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a malformed packet. Successful exploitation allows attackers to make Wireshark c ... oval:org.secpod.oval:def:2004208 In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. oval:org.secpod.oval:def:62431 The host is missing a security update according to Wireshark Advisory. The update is required to fix a denial-of-service vulnerability. A flaw is present in the application, which fails to properly handle a malformed packet. Successful exploitation allows attackers to make Wireshark crash. |