Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119.
Max CVSS: 6.1 | EPSS Score: 0.23% | Published: 2007-12-19 | Updated: 2023-02-13
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.
Max CVSS: 6.8 | EPSS Score: 5.08% | Published: 2011-02-08 | Updated: 2017-09-19
Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.
Max CVSS: 6.8 | EPSS Score: 0.38% | Published: 2011-03-03 | Updated: 2023-02-13
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.
Max CVSS: 6.1 | EPSS Score: 0.17% | Published: 2013-03-07 | Updated: 2018-10-30
The AMQP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Max CVSS: 6.1 | EPSS Score: 0.16% | Published: 2013-03-07 | Updated: 2018-10-30
The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
Max CVSS: 6.1 | EPSS Score: 0.17% | Published: 2013-03-07 | Updated: 2018-10-30
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.
Max CVSS: 6.1 | EPSS Score: 0.13% | Published: 2013-03-07 | Updated: 2018-10-30
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
Max CVSS: 6.5 | EPSS Score: 0.22% | Published: 2018-01-11 | Updated: 2019-03-12
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
Max CVSS: 6.5 | EPSS Score: 0.22% | Published: 2018-01-11 | Updated: 2019-03-12
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.
Max CVSS: 6.5 | EPSS Score: 0.11% | Published: 2020-01-16 | Updated: 2021-07-21
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
Max CVSS: 6.5 | EPSS Score: 0.23% | Published: 2020-08-13 | Updated: 2022-09-02
Excessive memory consumption in the MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file.
Max CVSS: 6.5 | EPSS Score: 0.40% | Published: 2021-04-23 | Updated: 2022-03-31
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file.
Max CVSS: 6.5 | EPSS Score: 0.16% | Published: 2022-02-18 | Updated: 2022-11-04
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file.
Max CVSS: 6.3 | EPSS Score: 0.05% | Published: 2022-09-13 | Updated: 2023-02-28
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file.
Max CVSS: 6.3 | EPSS Score: 0.12% | Published: 2023-01-12 | Updated: 2023-02-11
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allow denial of service via packet injection or crafted capture file.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2023-01-12 | Updated: 2023-02-11
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or crafted capture file.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2023-01-26 | Updated: 2023-02-09
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2023-01-26 | Updated: 2023-02-09
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2023-01-26 | Updated: 2023-02-01
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2023-01-26 | Updated: 2023-02-09
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2023-01-26 | Updated: 2023-02-01
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2023-01-26 | Updated: 2023-02-09
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2023-06-07 | Updated: 2023-10-20
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2023-06-07 | Updated: 2023-10-20
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2023-06-07 | Updated: 2023-10-20
36 vulnerabilities found