Wireshark : Security Vulnerabilities, CVEs,
CVE-2014-2299
Public exploit
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Max CVSS
9.3
EPSS Score
95.27%
Published
2014-03-11
Updated
2016-06-02
CVE-2013-4074
Public exploit
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.0
EPSS Score
6.09%
Published
2013-06-09
Updated
2018-10-30
CVE-2011-3360
Public exploit
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
Max CVSS
9.3
EPSS Score
97.43%
Published
2011-09-20
Updated
2017-09-19
CVE-2011-1591
Public exploit
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
Max CVSS
9.3
EPSS Score
96.38%
Published
2011-04-29
Updated
2017-09-19
CVE-2011-1140
Public exploit
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
Max CVSS
4.3
EPSS Score
2.07%
Published
2011-03-03
Updated
2017-09-19
CVE-2010-0304
Public exploit
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Max CVSS
7.5
EPSS Score
93.85%
Published
2010-02-03
Updated
2017-09-19
CVE-2008-1562
Public exploit
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Max CVSS
5.0
EPSS Score
1.69%
Published
2008-03-31
Updated
2018-10-11
CVE-2007-3389
Public exploit
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
Max CVSS
5.0
EPSS Score
1.09%
Published
2007-06-26
Updated
2017-10-11
8 vulnerabilities found