Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wireshark Subscribe
Total 637 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19626 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-08-24 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.
CVE-2018-16058 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-08-24 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
CVE-2018-16056 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-08-24 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.
CVE-2018-7420 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-08-24 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
CVE-2019-10902 2 Fedoraproject, Wireshark 2 Fedora, Wireshark 2020-08-24 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
CVE-2019-10900 2 Fedoraproject, Wireshark 2 Fedora, Wireshark 2020-08-24 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
CVE-2019-5719 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-08-24 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.
CVE-2019-10898 2 Fedoraproject, Wireshark 2 Fedora, Wireshark 2020-08-24 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
CVE-2018-9264 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-08-24 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
CVE-2018-11362 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
CVE-2018-11357 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
CVE-2018-11361 1 Wireshark 1 Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
CVE-2018-19625 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
CVE-2018-19627 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
CVE-2018-19624 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
CVE-2018-18227 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
CVE-2018-19622 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
CVE-2018-19623 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values.
CVE-2018-19628 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
CVE-2019-5716 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.