Vulnerabilities (CVE)

Filtered by vendor Wireshark Subscribe
Filtered by product Wireshark
Total 665 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-6014 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
CVE-2017-5597 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.
CVE-2017-5596 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.
CVE-2017-17997 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
CVE-2017-17935 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
CVE-2017-17085 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
CVE-2017-17084 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
CVE-2017-17083 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
CVE-2017-15193 1 Wireshark 1 Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
CVE-2017-15192 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.
CVE-2017-15191 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
CVE-2017-15190 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.
CVE-2017-15189 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.
CVE-2017-13767 1 Wireshark 1 Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.
CVE-2017-13766 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.
CVE-2017-13765 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
CVE-2017-13764 1 Wireshark 1 Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.
CVE-2017-11411 1 Wireshark 1 Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.
CVE-2017-11410 1 Wireshark 1 Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.
CVE-2017-11409 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 7.8 HIGH 7.5 HIGH
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.