Wireshark : Security Vulnerabilities, CVEs, Published In 2008 (Denial of service)
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
Max CVSS
10.0
EPSS Score
0.95%
Published
2008-09-02
Updated
2018-10-11
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
Max CVSS
5.0
EPSS Score
0.40%
Published
2008-02-28
Updated
2018-10-11
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang.
Max CVSS
5.0
EPSS Score
2.40%
Published
2008-03-31
Updated
2018-10-11
CVE-2008-1562
Public exploit
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Max CVSS
5.0
EPSS Score
1.69%
Published
2008-03-31
Updated
2018-10-11
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
Max CVSS
5.0
EPSS Score
0.37%
Published
2008-07-10
Updated
2018-10-11
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
Max CVSS
5.0
EPSS Score
0.37%
Published
2008-07-10
Updated
2018-10-11
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."
Max CVSS
5.0
EPSS Score
1.23%
Published
2008-07-10
Updated
2018-10-11
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.
Max CVSS
5.0
EPSS Score
0.35%
Published
2008-07-16
Updated
2018-10-11
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.
Max CVSS
5.0
EPSS Score
0.42%
Published
2008-09-04
Updated
2023-02-13
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
Max CVSS
5.0
EPSS Score
1.48%
Published
2008-10-22
Updated
2018-10-11
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
Max CVSS
5.0
EPSS Score
0.86%
Published
2008-10-22
Updated
2018-10-11
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
Max CVSS
5.0
EPSS Score
0.35%
Published
2008-10-22
Updated
2018-10-11
Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
Max CVSS
5.0
EPSS Score
0.37%
Published
2008-12-01
Updated
2018-10-11
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.
Max CVSS
4.7
EPSS Score
0.21%
Published
2008-02-28
Updated
2018-10-11
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
Max CVSS
4.3
EPSS Score
0.38%
Published
2008-02-28
Updated
2018-10-11
The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Max CVSS
4.3
EPSS Score
1.88%
Published
2008-03-31
Updated
2018-10-11
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
Max CVSS
4.3
EPSS Score
0.51%
Published
2008-07-10
Updated
2018-10-11
packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
Max CVSS
4.3
EPSS Score
0.72%
Published
2008-10-22
Updated
2018-10-11
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
Max CVSS
4.3
EPSS Score
0.34%
Published
2008-10-22
Updated
2018-10-11
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.
Max CVSS
4.3
EPSS Score
0.34%
Published
2008-10-22
Updated
2018-10-11
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.
Max CVSS
3.3
EPSS Score
0.13%
Published
2008-09-04
Updated
2018-10-11
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
Max CVSS
3.3
EPSS Score
0.13%
Published
2008-09-04
Updated
2018-10-11
22 vulnerabilities found