Vulnerabilities (CVE)

Filtered by vendor Wireshark Subscribe
Total 665 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11360 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
CVE-2018-11359 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
CVE-2018-11358 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
CVE-2018-11357 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
CVE-2018-11356 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
CVE-2018-11355 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
CVE-2018-11354 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
CVE-2017-9766 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
CVE-2017-9617 1 Wireshark 1 Wireshark 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
CVE-2017-9616 1 Wireshark 1 Wireshark 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.
CVE-2017-9354 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
CVE-2017-9353 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
CVE-2017-9352 1 Wireshark 1 Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
CVE-2017-9351 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
CVE-2017-9350 1 Wireshark 1 Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.
CVE-2017-9349 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.
CVE-2017-9348 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
CVE-2017-9347 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
CVE-2017-9346 1 Wireshark 1 Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
CVE-2017-9345 1 Wireshark 1 Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.