A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Max CVSS: N/A | EPSS Score: 0.05% | Published: 2024-02-21 | Updated: 2024-03-23
An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Max CVSS: N/A | EPSS Score: 0.05% | Published: 2024-02-21 | Updated: 2024-03-21
A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Max CVSS: N/A | EPSS Score: 0.05% | Published: 2024-02-21 | Updated: 2024-03-23
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-07-14 | Updated: 2023-07-25
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2023-07-14 | Updated: 2023-07-25
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
Max CVSS: 5.5 | EPSS Score: 0.09% | Published: 2021-12-30 | Updated: 2022-11-04
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
Max CVSS: 5.3 | EPSS Score: 0.15% | Published: 2020-12-21 | Updated: 2022-09-02
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
Max CVSS: 5.3 | EPSS Score: 0.40% | Published: 2020-12-11 | Updated: 2022-09-02
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
Max CVSS: 5.3 | EPSS Score: 0.33% | Published: 2020-12-11 | Updated: 2022-09-02
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
Max CVSS: 5.3 | EPSS Score: 0.33% | Published: 2020-12-11 | Updated: 2022-09-02
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
Max CVSS: 5.3 | EPSS Score: 0.48% | Published: 2020-12-11 | Updated: 2022-09-02
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
Max CVSS: 5.5 | EPSS Score: 0.16% | Published: 2019-02-28 | Updated: 2022-04-05
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
Max CVSS: 5.5 | EPSS Score: 0.15% | Published: 2019-01-08 | Updated: 2020-03-20
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.
Max CVSS: 5.5 | EPSS Score: 0.37% | Published: 2019-01-08 | Updated: 2020-08-24
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
Max CVSS: 5.5 | EPSS Score: 0.17% | Published: 2019-01-08 | Updated: 2020-01-15
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
Max CVSS: 5.5 | EPSS Score: 0.30% | Published: 2019-01-08 | Updated: 2020-03-20
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.
Max CVSS: 5.5 | EPSS Score: 0.21% | Published: 2019-01-08 | Updated: 2020-03-20
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.
Max CVSS: 5.5 | EPSS Score: 0.12% | Published: 2018-11-29 | Updated: 2020-08-24
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
Max CVSS: 5.5 | EPSS Score: 0.11% | Published: 2018-11-29 | Updated: 2020-03-20
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
Max CVSS: 5.5 | EPSS Score: 0.12% | Published: 2018-11-29 | Updated: 2020-03-20
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
Max CVSS: 5.5 | EPSS Score: 0.08% | Published: 2017-06-14 | Updated: 2019-10-03
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.
Max CVSS: 5.5 | EPSS Score: 0.08% | Published: 2017-06-14 | Updated: 2019-10-03
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.
Max CVSS: 5.9 | EPSS Score: 0.30% | Published: 2016-11-17 | Updated: 2017-07-28
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
Max CVSS: 5.9 | EPSS Score: 0.30% | Published: 2016-11-17 | Updated: 2017-07-28
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.
Max CVSS: 5.9 | EPSS Score: 0.51% | Published: 2016-11-17 | Updated: 2017-07-28
389 vulnerabilities found