Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wireshark Subscribe
Total 637 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7704 1 Wireshark 1 Wireshark 2019-10-02 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.
CVE-2017-11409 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 7.8 HIGH 7.5 HIGH
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
CVE-2018-7322 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.
CVE-2018-7324 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.
CVE-2017-6472 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value.
CVE-2018-7329 1 Wireshark 1 Wireshark 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.
CVE-2019-9208 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-05-16 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.
CVE-2019-9214 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-05-16 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
CVE-2017-9344 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-03-27 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
CVE-2017-9353 1 Wireshark 1 Wireshark 2019-03-20 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
CVE-2017-9354 1 Wireshark 1 Wireshark 2019-03-20 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
CVE-2017-9351 1 Wireshark 1 Wireshark 2019-03-20 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
CVE-2017-9348 1 Wireshark 1 Wireshark 2019-03-20 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
CVE-2017-9343 1 Wireshark 1 Wireshark 2019-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.
CVE-2017-9347 1 Wireshark 1 Wireshark 2019-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
CVE-2017-6468 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-03-13 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.
CVE-2017-6473 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-03-13 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets.
CVE-2017-6471 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-03-13 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length.
CVE-2017-6469 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-03-13 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure.
CVE-2018-5334 2 Debian, Wireshark 2 Debian Linux, Wireshark 2019-03-12 4.3 MEDIUM 6.5 MEDIUM
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.