CVE-2014-2299

Public exploit
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Max CVSS
9.3
EPSS Score
95.27%
Published
2014-03-11
Updated
2016-06-02

CVE-2013-4074

Public exploit
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.0
EPSS Score
6.09%
Published
2013-06-09
Updated
2018-10-30

CVE-2011-1140

Public exploit
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
Max CVSS
4.3
EPSS Score
2.07%
Published
2011-03-03
Updated
2017-09-19

CVE-2010-0304

Public exploit
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Max CVSS
7.5
EPSS Score
93.85%
Published
2010-02-03
Updated
2017-09-19

CVE-2008-1562

Public exploit
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Max CVSS
5.0
EPSS Score
1.69%
Published
2008-03-31
Updated
2018-10-11

CVE-2007-3389

Public exploit
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
Max CVSS
5.0
EPSS Score
1.09%
Published
2007-06-26
Updated
2017-10-11
A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-03-23
An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-03-21
A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-03-23
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-27
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-03
Updated
2024-01-10
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-03
Updated
2024-01-10
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-03
Updated
2024-01-10
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.06%
Published
2024-01-03
Updated
2024-03-01
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-03
Updated
2024-01-09
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-11-16
Updated
2024-02-11
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file
Max CVSS
6.5
EPSS Score
0.12%
Published
2023-10-04
Updated
2024-02-11
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-08-24
Updated
2024-03-01
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-08-24
Updated
2023-09-15
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-08-24
Updated
2024-03-01
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-07-14
Updated
2023-07-25
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-07-14
Updated
2023-07-25
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-05-30
Updated
2023-10-20
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-08-25
Updated
2023-09-15
472 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!