Total
637 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17935 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. | |||||
| CVE-2018-7332 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. | |||||
| CVE-2018-7324 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. | |||||
| CVE-2017-7702 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. | |||||
| CVE-2018-7331 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. | |||||
| CVE-2018-7330 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. | |||||
| CVE-2017-7746 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. | |||||
| CVE-2017-15192 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. | |||||
| CVE-2017-15189 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. | |||||
| CVE-2017-15190 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. | |||||
| CVE-2017-11409 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. | |||||
| CVE-2017-11410 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. | |||||
| CVE-2017-9345 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | |||||
| CVE-2017-13767 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | |||||
| CVE-2017-9346 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | |||||
| CVE-2017-13765 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. | |||||
| CVE-2017-9616 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. | |||||
| CVE-2017-9617 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. | |||||
| CVE-2018-9269 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. | |||||
| CVE-2017-9766 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. | |||||