CVE id	CWE id	Brief description	Detectability by tools
CVE-2010-2287	CWE-119	Buffer overflow in SigComp UDVM dissector. Maximum UDVM message size is not 65535, but 65536.	Unclear
CVE-2010-2286	CWE-399	SigComp UDVM dissector has an infinite loop.	Very difficult. Loop implemented by goto statements that span about 2K lines of code.
CVE-2010-2285	CWE-476	In SMB PIPE dissector, "string" can be NULL, which can overflow some implementations of vsnprintf().	Not difficult
CVE-2010-2284	CWE-119	Recursive call to get_ber_length() can cause the program to run out of stack space. Fix: Make get_ber_length() iterative.	Difficult
CVE-2010-2283	CWE-476	Pointer "nti" can be NULL and is passed to function dissect_smb2_ioctl_data().	Not difficult
CVE-2010-1455	CWE-20	A string pointer ("%s") is read instead of an integer ("%d" or "%u").	Not difficult
CVE-2010-0304	CWE-119	Buffer overflow in the dissect_getaddrsbyname_request function.	Unclear
CVE-2009-4378	CWE-474	Using strftime(..., "%F %T", ...) crashes on Windows (VC9).	Difficult, since only a specific platform is affected.
CVE-2009-4377 (1)	CWE-476	Pointer "ioctlfunc" can be null and is dereferenced.	Not difficult
CVE-2009-4377 (2)	CWE-476	"nti" can be null and is dereferenced in "nti->ioctl_function".	Not difficult
CVE-2009-4376	CWE-119	"sscanf()" overflows buffers "readData" and "seekData".	Not difficult
CVE-2009-3829	CWE-189	"packet_size" is not checked before passing it to "malloc()"	Not difficult
CVE-2009-3551	CWE-189	"dialect" should be strictly less than "dialects->num". "dialects" is populated in "dissect_negprot_request()" and used in "dissect_negprot_response()", where the off-by-one access occurs. The functions are called indirectly via a table of function pointers.	Not difficult for tools that do inter-procedural analysis and indirect function call handling.
CVE-2009-3550	CWE-476	"item->parent" can be null, therefore "item = item->parent" sets item to null, which in turn is dereferenced in another "item->parent".	Unclear, may require understanding of the design.
CVE-2009-3549	CWE-20	Casting "pinfo->net_src.data" and "pinfo->net_dst.data" may cause problems on certain platforms, like SPARC.	Difficult, not all platforms are affected.
CVE-2009-3243	CWE-119	Array element is missing in ssl_version_short_names, resulting in array overruns.	Not difficult
CVE-2009-3242	CWE-457	"data_handle" is never initialized and is passed to "call_dissector()".	Unclear
CVE-2009-3241	CWE-401	Unclear	Unclear
CVE-2009-2563	CWE-476	Call to "tvb_free()" has been removed in subsequent versions. It seems that either "next_tvb" could be null, or that the memory could be double-freed later.	Unclear
CVE-2009-2562	CWE-190	Unclear from the bug description.	Unclear
CVE-2009-2561	CWE-190	Integer overflow: "return_offset" can be less than "offset".	Unclear
CVE-2009-2560 (1)	CWE-119	"mfp->reassembled" is of size "sdulen". Buffer "tvb" of size "length", which can be larger than "sdulen", is copied to the first buffer, potentially causing a buffer overflow.	Not difficult
CVE-2009-2560 (2)	CWE-119	Cleanup issues. Wireshark uses a stack of things to clean up in case an exception is thrown. It seems that one of the stacked cleanup commands is not popped properly, leading to memory corruption.	Difficult, requires knowledge of application design.
CVE-2009-2559	CWE-119	Variable "i" is not checked and goes out of bounds of tables "bsel" and "tsel".	Unclear how difficult it is to detect without knowing the design.
