Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wireshark Subscribe
Total 637 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18227 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
CVE-2018-14339 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
CVE-2018-14369 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
CVE-2019-5717 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
CVE-2018-11354 1 Wireshark 1 Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
CVE-2018-14340 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
CVE-2018-14342 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 7.8 HIGH 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
CVE-2018-14341 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 7.8 HIGH 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
CVE-2018-14367 1 Wireshark 1 Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
CVE-2018-11357 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
CVE-2018-11355 1 Wireshark 1 Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
CVE-2018-14370 1 Wireshark 1 Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.
CVE-2018-18226 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 7.8 HIGH 7.5 HIGH
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.
CVE-2018-19628 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
CVE-2018-19627 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
CVE-2019-5716 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.
CVE-2018-14343 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
CVE-2018-14344 1 Wireshark 1 Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
CVE-2018-11356 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-03-19 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
CVE-2019-5718 2 Debian, Wireshark 2 Debian Linux, Wireshark 2020-01-15 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.