Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wireshark Subscribe
Filtered by product Wireshark
Total 637 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3133 1 Wireshark 1 Wireshark 2017-09-18 9.3 HIGH N/A
Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.
CVE-2010-3445 1 Wireshark 1 Wireshark 2017-09-18 5.0 MEDIUM N/A
Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.
CVE-2010-4300 1 Wireshark 1 Wireshark 2017-09-18 7.5 HIGH N/A
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.
CVE-2010-4301 1 Wireshark 1 Wireshark 2017-09-18 5.0 MEDIUM N/A
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.
CVE-2010-1455 2 Ethereal Group, Wireshark 2 Ethereal, Wireshark 2017-09-18 4.3 MEDIUM N/A
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.
CVE-2010-0304 1 Wireshark 1 Wireshark 2017-09-18 7.5 HIGH N/A
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
CVE-2009-3829 1 Wireshark 1 Wireshark 2017-09-18 9.3 HIGH N/A
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
CVE-2009-2559 1 Wireshark 1 Wireshark 2017-09-18 5.0 MEDIUM N/A
Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information.
CVE-2009-2560 1 Wireshark 1 Wireshark 2017-09-18 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.
CVE-2009-2561 1 Wireshark 1 Wireshark 2017-09-18 5.0 MEDIUM N/A
Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.
CVE-2009-2562 1 Wireshark 1 Wireshark 2017-09-18 5.0 MEDIUM N/A
Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2009-2563 1 Wireshark 1 Wireshark 2017-09-18 7.1 HIGH N/A
Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
CVE-2009-3241 1 Wireshark 1 Wireshark 2017-09-18 7.8 HIGH N/A
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
CVE-2009-3242 1 Wireshark 1 Wireshark 2017-09-18 5.0 MEDIUM N/A
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.
CVE-2009-3243 2 Microsoft, Wireshark 2 Windows, Wireshark 2017-09-18 5.0 MEDIUM N/A
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
CVE-2009-3549 2 Sun, Wireshark 2 Sparc, Wireshark 2017-09-18 5.0 MEDIUM N/A
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.
CVE-2009-4378 2 Microsoft, Wireshark 2 Windows, Wireshark 2017-09-18 4.3 MEDIUM N/A
The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
CVE-2009-4376 1 Wireshark 1 Wireshark 2017-09-18 9.3 HIGH N/A
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
CVE-2009-4377 1 Wireshark 1 Wireshark 2017-09-18 4.3 MEDIUM N/A
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
CVE-2015-7830 2 Oracle, Wireshark 2 Solaris, Wireshark 2017-09-14 4.3 MEDIUM N/A
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.