Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wireshark Subscribe
Total 637 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17935 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
CVE-2017-6014 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
CVE-2017-7700 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 7.1 HIGH 6.5 MEDIUM
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.
CVE-2017-13765 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
CVE-2017-15189 1 Wireshark 1 Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.
CVE-2017-15190 1 Wireshark 1 Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.
CVE-2017-11409 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 7.8 HIGH 7.5 HIGH
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
CVE-2018-7331 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.
CVE-2017-11411 1 Wireshark 1 Wireshark 2019-10-02 7.8 HIGH 7.5 HIGH
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.
CVE-2017-11406 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
CVE-2018-7332 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.
CVE-2018-7333 1 Wireshark 1 Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.
CVE-2017-15192 1 Wireshark 1 Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.
CVE-2017-7701 1 Wireshark 1 Wireshark 2019-10-02 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.
CVE-2018-9272 1 Wireshark 1 Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.
CVE-2017-9766 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
CVE-2017-9617 1 Wireshark 1 Wireshark 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
CVE-2017-7702 1 Wireshark 1 Wireshark 2019-10-02 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.
CVE-2018-9273 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
CVE-2018-7327 1 Wireshark 1 Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.