NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2024-03-26 | Updated: 2024-03-26

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2023-06-07 | Updated: 2023-10-20

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2023-06-07 | Updated: 2023-10-20

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2023-06-07 | Updated: 2023-10-20

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2022-12-09 | Updated: 2023-06-27

Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
Max CVSS: 7.5 | EPSS Score: 0.54% | Published: 2021-11-19 | Updated: 2022-10-28

Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
Max CVSS: 7.5 | EPSS Score: 1.70% | Published: 2021-11-19 | Updated: 2022-10-28

Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
Max CVSS: 7.5 | EPSS Score: 1.70% | Published: 2021-11-19 | Updated: 2022-10-28

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
Max CVSS: 5.3 | EPSS Score: 0.15% | Published: 2020-12-21 | Updated: 2022-09-02

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
Max CVSS: 7.5 | EPSS Score: 0.23% | Published: 2019-07-17 | Updated: 2021-02-10

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
Max CVSS: 5.5 | EPSS Score: 0.16% | Published: 2019-02-28 | Updated: 2022-04-05

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
Max CVSS: 7.5 | EPSS Score: 0.39% | Published: 2018-07-19 | Updated: 2020-03-20

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
Max CVSS: 7.8 | EPSS Score: 0.28% | Published: 2018-07-19 | Updated: 2020-03-20

In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
Max CVSS: 7.5 | EPSS Score: 0.35% | Published: 2018-05-22 | Updated: 2020-03-20

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
Max CVSS: 7.5 | EPSS Score: 0.40% | Published: 2018-05-22 | Updated: 2020-03-20

In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
Max CVSS: 7.5 | EPSS Score: 0.35% | Published: 2018-05-22 | Updated: 2020-03-20

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
Max CVSS: 7.5 | EPSS Score: 0.23% | Published: 2018-04-04 | Updated: 2020-08-24

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
Max CVSS: 7.5 | EPSS Score: 0.29% | Published: 2018-04-04 | Updated: 2019-10-03

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
Max CVSS: 7.5 | EPSS Score: 0.34% | Published: 2018-01-11 | Updated: 2019-03-12

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
Max CVSS: 6.5 | EPSS Score: 0.22% | Published: 2018-01-11 | Updated: 2019-03-12

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
Max CVSS: 6.5 | EPSS Score: 0.22% | Published: 2018-01-11 | Updated: 2019-03-12

In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
Max CVSS: 7.5 | EPSS Score: 0.20% | Published: 2017-10-10 | Updated: 2019-03-01

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
Max CVSS: 7.5 | EPSS Score: 0.34% | Published: 2017-06-02 | Updated: 2019-03-20

In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
Max CVSS: 7.5 | EPSS Score: 0.39% | Published: 2017-06-02 | Updated: 2019-03-20

In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.
Max CVSS: 7.5 | EPSS Score: 0.19% | Published: 2017-01-25 | Updated: 2017-11-04

139 vulnerabilities found