Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wireshark Subscribe
Total 637 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5355 1 Wireshark 1 Wireshark 2016-11-28 4.3 MEDIUM 5.9 MEDIUM
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-5354 1 Wireshark 1 Wireshark 2016-11-28 4.3 MEDIUM 5.9 MEDIUM
The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-5353 1 Wireshark 1 Wireshark 2016-11-28 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-5352 1 Wireshark 1 Wireshark 2016-11-28 4.3 MEDIUM 5.9 MEDIUM
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-5351 1 Wireshark 1 Wireshark 2016-11-28 4.3 MEDIUM 5.9 MEDIUM
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-7176 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-30 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.
CVE-2016-7175 1 Wireshark 1 Wireshark 2016-09-30 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVE-2016-7177 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-29 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
CVE-2016-7180 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-29 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
CVE-2016-7179 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-29 4.3 MEDIUM 5.9 MEDIUM
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-7178 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-29 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.
CVE-2014-2299 1 Wireshark 1 Wireshark 2016-06-01 9.3 HIGH N/A
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
CVE-2016-4419 1 Wireshark 1 Wireshark 2016-05-04 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
CVE-2016-4420 1 Wireshark 1 Wireshark 2016-05-04 4.3 MEDIUM 5.9 MEDIUM
The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-4415 1 Wireshark 1 Wireshark 2016-05-04 4.3 MEDIUM 5.9 MEDIUM
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.
CVE-2016-4416 1 Wireshark 1 Wireshark 2016-05-04 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
CVE-2014-2282 1 Wireshark 1 Wireshark 2016-04-04 4.3 MEDIUM N/A
The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.
CVE-2014-2283 1 Wireshark 1 Wireshark 2015-08-12 4.3 MEDIUM N/A
epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.
CVE-2014-2281 1 Wireshark 1 Wireshark 2015-08-12 4.3 MEDIUM N/A
The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.
CVE-2014-6429 1 Wireshark 1 Wireshark 2014-11-05 5.0 MEDIUM N/A
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.