I’ve uncovered a logic error in the relevance for 12 fixlets in the Vulnerability to Windows Systems site. In 3 cases, the final test should be AND rather than OR:
it as string as lowercase as version >= (“2.2.0”) as version) AND (it as string as lowercase as version < (“2.2.7”) as version
In the other 9 cases, the final 2 tests should use AND rather than OR:
- “it as string as lowercase as version >= (“2.2.0”) as version) AND (it as string as lowercase as version < (“2.2.7”) as version”
- “it as string as lowercase as version >= (“2.0.0”) as version) AND (it as string as lowercase as version < (“2.0.13”) as version”
…
ID Name
276301 In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference - CVE-2017-9347
276401 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory - CVE-2017-9350
276501 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer - CVE-2017-9343
276601 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer - CVE-2017-9351
276701 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop - CVE-2017-9349
276801 In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer - CVE-2017-9348
276901 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop - CVE-2017-9346
277001 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop - CVE-2017-9352
277101 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero - CVE-2017-9344
277201 In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash - CVE-2017-9353
277301 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash - CVE-2017-9354
277401 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop - CVE-2017-9345