CVE-2017-6657: Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-6658: Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13011: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13012: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13013: The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13015: The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13016: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13017: The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13018: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13019: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13020: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13021: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13022: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13023: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13024: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13025: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13026: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13027: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13028: The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13029: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13030: The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13031: The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13032: The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13033: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13034: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13035: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13036: The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13037: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13039: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13042: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13043: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13044: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13688: The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13045: The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13046: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13047: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13048: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13050: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13689: The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13690: The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13051: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13055: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13052: The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13053: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2017-13054: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). (Joint work with Bhargava Shastry and TU Berlin)
CVE-2014-9625: A heap-based buffer overflow caused by an integer truncation in VLC's automated updater allows remote users to execute arbitrary code on 32 bit installations (Fabian Yamaguchi).
CVE-2014-9626: An integer underflow in the MP4 Demuxer allows a heap-based buffer overflow to be triggered, possibly allowing for arbitrary code execution (Fabian Yamaguchi).
CVE-2014-9627: An integer truncation on 32 bit platforms in the MP4 Demuxer allows a heap-based buffer overflow to be triggered, possibly allowing for arbitrary code execution (Fabian Yamaguchi).
CVE-2014-9628: A zero-byte allocation in the MP4 Demuxer allows a heap-based buffer overflow to be triggered, possibly allowing for arbitrary code execution (Fabian Yamaguchi).
CVE-2014-9629: Potential heap-based buffer overflows in the Schroedinger encoder and Dirac encoder may allow for arbitrary code execution. (Alwin Maier and Fabian Yamaguchi)
CVE-2014-9630: An attacker-controlled stack allocation in the RTP streaming code allows an attacker to cause a denial of service or possibly have other unspecified impact. (Alwin Maier and Fabian Yamaguchi)
CVE-2015-1202: An attacker-controlled stack allocation in the SAP service discovery code may allow an attacker to cause a denial of service or possibly have other unspecified impact. (Fabian Yamaguchi)
CVE-2015-1203: An attacker-controlled stack allocation in the FTP access module may allow an attacker to cause a denial of service or possibly have other unspecified impact. (Fabian Yamaguchi)
CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (Nico Golde and Fabian Yamaguchi)
CVE-2013-4512: Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation. (Nico Golde and Fabian Yamaguchi)
CVE-2013-4513: Buffer overflow in the Ozmo Devices USB over WiFi devices. A local user could exploit this flaw to cause a denial of service or possibly unspecified impact. (Nico Golde and Fabian Yamaguchi)
CVE-2013-4514: Flaw in the Linux kernel's driver for Agere Systems HERMES II Wireless PC Cards. A local user with the CAP_NET_ADMIN capability could exploit this flaw to cause a denial of service or possibly gain administrative privileges. (Nico Golde and Fabian Yamaguchi)
CVE-2013-4515: Flaw in the Linux kernel's driver for Beceem WIMAX chipset based devices. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (Nico Golde and Fabian Yamaguchi)
CVE-2013-4516: Flaw in the Linux kernel's driver for the SystemBase Multi-2/PCI serial card. An unprivileged user could obtain sensitive information from kernel memory. (Nico Golde and Fabian Yamaguchi)
CVE-2013-6378: Flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (Nico Golde and Fabian Yamaguchi)
CVE-2013-6380: Flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (Nico Golde and Fabian Yamaguchi)
CVE-2013-6381: Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size. (Nico Golde and Fabian Yamaguchi)
CVE-2013-6382: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value. (Nico Golde and Fabian Yamaguchi)
CVE-2013-6763: Flaw in the Linux kernel's userspace IO (uio) driver. A local user could exploit this flaw to cause a denial of service (memory corruption) or possibly gain privileges. (Nico Golde and Fabian Yamaguchi)
CVE-2013-6483: The XMPP protocol plugin failed to ensure that iq replies came from the person they were sent to. A remote user could send a spoofed iq reply and attempt to guess the iq id. This could allow an attacker to inject fake data or trigger a null pointer dereference. (Christian Wressnegger and Fabian Yamaguchi)
CVE-2013-6482: A malicious server or man-in-the-middle could send Pidgin a specially-crafted SOAP response that results in a NULL pointer dereference. A malicious server or man-in-the-middle could send Pidgin a specially-crafted XML response that results in a NULL pointer dereference. A malformed Content-Length header could lead to a NULL pointer dereference. (Christian Wressnegger and Fabian Yamaguchi)
CVE-2012-2318: Incoming messages with certain characters or character encodings can cause clients to crash. (Fabian Yamaguchi)
CVE-2012-0947: Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size. (Markus Lottmann and Fabian Yamaguchi)
CVE-2013-0211: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. (Fabian Yamaguchi)