Total
637 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0599 | 1 Wireshark | 1 Wireshark | 2018-10-10 | 5.0 MEDIUM | N/A |
Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. | |||||
CVE-2011-3266 | 1 Wireshark | 1 Wireshark | 2018-10-09 | 2.6 LOW | N/A |
The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. | |||||
CVE-2018-14438 | 1 Wireshark | 1 Wireshark | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. | |||||
CVE-2017-17084 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2018-02-03 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. | |||||
CVE-2017-17083 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2018-02-03 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. | |||||
CVE-2017-17085 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2018-02-03 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. | |||||
CVE-2017-11408 | 1 Wireshark | 1 Wireshark | 2018-02-03 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. | |||||
CVE-2015-3813 | 1 Wireshark | 1 Wireshark | 2018-01-04 | 5.0 MEDIUM | N/A |
The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. | |||||
CVE-2014-8710 | 1 Wireshark | 1 Wireshark | 2018-01-04 | 5.0 MEDIUM | N/A |
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. | |||||
CVE-2014-8712 | 1 Wireshark | 1 Wireshark | 2018-01-04 | 5.0 MEDIUM | N/A |
The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2015-0562 | 1 Wireshark | 1 Wireshark | 2018-01-04 | 5.0 MEDIUM | N/A |
Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. | |||||
CVE-2014-8713 | 1 Wireshark | 1 Wireshark | 2018-01-04 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2014-8714 | 1 Wireshark | 1 Wireshark | 2018-01-04 | 5.0 MEDIUM | N/A |
The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
CVE-2014-8711 | 1 Wireshark | 1 Wireshark | 2018-01-04 | 5.0 MEDIUM | N/A |
Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. | |||||
CVE-2012-1593 | 1 Wireshark | 1 Wireshark | 2017-12-28 | 3.3 LOW | N/A |
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. | |||||
CVE-2012-1596 | 1 Wireshark | 1 Wireshark | 2017-12-28 | 5.0 MEDIUM | N/A |
The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. | |||||
CVE-2012-1594 | 1 Wireshark | 1 Wireshark | 2017-12-28 | 3.3 LOW | N/A |
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
CVE-2014-4020 | 1 Wireshark | 1 Wireshark | 2017-12-28 | 4.3 MEDIUM | N/A |
The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2017-13766 | 1 Wireshark | 1 Wireshark | 2017-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. | |||||
CVE-2017-5597 | 1 Wireshark | 1 Wireshark | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. |