Vulnerabilities (CVE)

Filtered by vendor Wireshark Subscribe
Total 665 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-9265 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
CVE-2018-9262 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.
CVE-2018-11362 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
CVE-2018-7420 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
CVE-2018-11360 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
CVE-2018-7419 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
CVE-2018-9271 1 Wireshark 1 Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.
CVE-2018-9263 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
CVE-2017-15190 1 Wireshark 1 Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.
CVE-2017-9351 1 Wireshark 1 Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
CVE-2017-13765 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
CVE-2017-9344 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
CVE-2017-9346 1 Wireshark 1 Wireshark 2024-02-28 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
CVE-2017-17084 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
CVE-2017-11409 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 7.8 HIGH 7.5 HIGH
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
CVE-2017-9352 1 Wireshark 1 Wireshark 2024-02-28 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
CVE-2017-15189 1 Wireshark 1 Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.
CVE-2018-5336 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
CVE-2017-9345 1 Wireshark 1 Wireshark 2024-02-28 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
CVE-2017-11408 1 Wireshark 1 Wireshark 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.