CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Wireshark : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-7114 119 DoS Overflow 2013-12-19 2014-04-19
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.
2 CVE-2013-7113 20 DoS 2013-12-19 2014-01-17
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
3 CVE-2013-7112 20 DoS 2013-12-19 2014-04-19
5.0
None Remote Low Not required None None Partial
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
4 CVE-2013-5720 119 DoS Overflow 2013-09-16 2013-12-30
5.0
None Remote Low Not required None None Partial
Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
5 CVE-2013-4936 DoS 2013-07-29 2013-11-02
5.0
None Remote Low Not required None None Partial
The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
6 CVE-2013-4933 119 DoS Overflow 2013-07-29 2014-04-19
5.0
None Remote Low Not required None None Partial
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.
7 CVE-2013-4932 20 DoS 2013-07-29 2014-04-19
5.0
None Remote Low Not required None None Partial
Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.
8 CVE-2013-4931 399 DoS 2013-07-29 2014-04-19
5.0
None Remote Low Not required None None Partial
epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector.
9 CVE-2013-4930 20 DoS 2013-07-29 2013-11-02
5.0
None Remote Low Not required None None Partial
The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
10 CVE-2013-4926 20 DoS 2013-07-29 2013-11-02
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
11 CVE-2013-4925 189 DoS 2013-07-29 2013-11-02
5.0
None Remote Low Not required None None Partial
Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet.
12 CVE-2013-4924 20 DoS 2013-07-29 2013-11-02
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
13 CVE-2013-4923 399 DoS 2013-07-29 2013-11-02
5.0
None Remote Low Not required None None Partial
Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.
14 CVE-2013-4922 399 DoS 2013-07-29 2013-11-02
5.0
None Remote Low Not required None None Partial
Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
15 CVE-2013-4921 189 DoS 2013-07-29 2013-11-02
5.0
None Remote Low Not required None None Partial
Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
16 CVE-2013-4920 119 DoS Overflow 2013-07-29 2013-11-02
5.0
None Remote Low Not required None None Partial
The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
17 CVE-2013-4083 20 DoS 2013-06-09 2014-04-19
5.0
None Remote Low Not required None None Partial
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
18 CVE-2013-4082 119 DoS Overflow 2013-06-09 2013-11-02
5.0
None Remote Low Not required None None Partial
The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet.
19 CVE-2013-4081 119 DoS Overflow 2013-06-09 2014-04-19
5.0
None Remote Low Not required None None Partial
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.
20 CVE-2013-4080 119 DoS Overflow 2013-06-09 2013-11-02
5.0
None Remote Low Not required None None Partial
The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet.
21 CVE-2013-4079 119 DoS Overflow 2013-06-09 2013-11-02
5.0
None Remote Low Not required None None Partial
The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet.
22 CVE-2013-4078 20 DoS 2013-06-09 2013-11-02
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
23 CVE-2013-4077 119 DoS Overflow 2013-06-09 2013-11-02
5.0
None Remote Low Not required None None Partial
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.
24 CVE-2013-4076 119 DoS Overflow 2013-06-09 2013-11-02
5.0
None Remote Low Not required None None Partial
Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
25 CVE-2013-4075 399 DoS 2013-06-09 2013-11-02
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
26 CVE-2013-4074 189 DoS 2013-06-09 2014-01-23
5.0
None Remote Low Not required None None Partial
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
27 CVE-2013-3562 189 DoS 2013-05-24 2013-11-02
5.0
None Remote Low Not required None None Partial
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
28 CVE-2013-3560 134 DoS 2013-05-24 2013-12-05
5.0
None Remote Low Not required None None Partial
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
29 CVE-2013-3559 189 DoS Overflow Mem. Corr. 2013-05-24 2014-04-19
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
30 CVE-2013-3558 189 DoS 2013-05-24 2013-12-05
5.0
None Remote Low Not required None None Partial
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
31 CVE-2013-3557 119 DoS Overflow 2013-05-24 2014-04-19
5.0
None Remote Low Not required None None Partial
The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
32 CVE-2013-3556 DoS 2013-05-24 2013-12-05
5.0
None Remote Low Not required None None Partial
The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
33 CVE-2013-3555 20 DoS 2013-05-24 2013-12-05
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
34 CVE-2013-2488 20 DoS 2013-03-07 2013-11-02
5.0
None Remote Low Not required None None Partial
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.
35 CVE-2012-6062 20 DoS 2012-12-05 2014-04-19
5.0
None Remote Low Not required None None Partial
The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
36 CVE-2012-6061 189 DoS Overflow 2012-12-05 2014-04-19
5.0
None Remote Low Not required None None Partial
The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet.
37 CVE-2012-6060 189 DoS Overflow 2012-12-05 2014-04-19
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
38 CVE-2012-6059 20 DoS 2012-12-05 2013-11-02
5.0
None Remote Low Not required None None Partial
The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
39 CVE-2012-6058 189 DoS Overflow 2012-12-05 2013-11-02
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value.
40 CVE-2012-6057 189 DoS Overflow 2012-12-05 2013-11-02
5.0
None Remote Low Not required None None Partial
The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet.
41 CVE-2012-6056 189 DoS Overflow 2012-12-05 2014-04-19
5.0
None Remote Low Not required None None Partial
Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count.
42 CVE-2012-6055 189 DoS 2012-12-05 2013-11-02
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field.
43 CVE-2012-6054 189 DoS 2012-12-05 2013-11-02
5.0
None Remote Low Not required None None Partial
The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6.
44 CVE-2012-6053 189 DoS 2012-12-05 2013-11-02
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field.
45 CVE-2012-6052 200 +Info 2012-12-05 2013-11-02
5.0
None Remote Low Not required Partial None None
Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files.
46 CVE-2012-5240 119 DoS Overflow 2012-10-04 2013-11-02
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.
47 CVE-2012-4298 189 Exec Code Overflow 2012-08-16 2013-11-02
5.4
None Local Network Medium Not required Partial Partial Partial
Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow.
48 CVE-2012-4294 119 Exec Code Overflow 2012-08-16 2013-11-02
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.
49 CVE-2012-4287 399 DoS 2012-08-16 2013-11-02
5.0
None Remote Low Not required None None Partial
epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.
50 CVE-2012-1596 399 DoS 2012-04-11 2012-11-06
5.0
None Remote Low Not required None None Partial
The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt.
Total number of vulnerabilities : 103   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.