CVE-2014-2299
Public exploit
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Max CVSS
9.3
EPSS Score
95.27%
Published
2014-03-11
Updated
2016-06-02
CVE-2013-4074
Public exploit
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.0
EPSS Score
6.09%
Published
2013-06-09
Updated
2018-10-30
CVE-2011-3360
Public exploit
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
Max CVSS
9.3
EPSS Score
97.43%
Published
2011-09-20
Updated
2017-09-19
CVE-2011-1591
Public exploit
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
Max CVSS
9.3
EPSS Score
96.38%
Published
2011-04-29
Updated
2017-09-19
CVE-2011-1140
Public exploit
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
Max CVSS
4.3
EPSS Score
2.07%
Published
2011-03-03
Updated
2017-09-19
CVE-2010-0304
Public exploit
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Max CVSS
7.5
EPSS Score
93.85%
Published
2010-02-03
Updated
2017-09-19
CVE-2008-1562
Public exploit
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Max CVSS
5.0
EPSS Score
1.69%
Published
2008-03-31
Updated
2018-10-11
CVE-2007-3389
Public exploit
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
Max CVSS
5.0
EPSS Score
1.09%
Published
2007-06-26
Updated
2017-10-11
A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-04-11
An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-04-11
A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-04-11
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-27
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-03
Updated
2024-01-10
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-03
Updated
2024-01-10
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-03
Updated
2024-01-10
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.06%
Published
2024-01-03
Updated
2024-03-01
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-03
Updated
2024-01-09
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-03-26
Updated
2024-03-26
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-11-16
Updated
2024-02-11
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file
Max CVSS
6.5
EPSS Score
0.12%
Published
2023-10-04
Updated
2024-02-11
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-08-24
Updated
2024-03-01
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Max CVSS
7.5
EPSS Score
0.06%
Published
2023-08-24
Updated
2023-09-15
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-08-24
Updated
2024-03-01
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-07-14
Updated
2023-07-25
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-07-14
Updated
2023-07-25