cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
Max CVSS
10.0
EPSS Score
0.95%
Published
2008-09-02
Updated
2018-10-11
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
93.90%
Published
2009-04-01
Updated
2018-10-10
Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.23%
Published
2009-04-21
Updated
2018-10-10
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-02-08
Updated
2020-08-24
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Max CVSS
9.3
EPSS Score
6.41%
Published
2009-10-30
Updated
2017-09-19
Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.
Max CVSS
9.3
EPSS Score
1.81%
Published
2010-08-26
Updated
2017-09-19
Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.
Max CVSS
9.3
EPSS Score
2.65%
Published
2011-03-28
Updated
2023-02-13
Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
Max CVSS
8.3
EPSS Score
51.63%
Published
2010-06-15
Updated
2017-09-19
Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
Max CVSS
8.3
EPSS Score
51.63%
Published
2010-06-15
Updated
2017-09-19
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
Max CVSS
7.8
EPSS Score
7.06%
Published
2009-09-18
Updated
2017-09-19
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
Max CVSS
7.8
EPSS Score
0.30%
Published
2017-02-17
Updated
2019-10-03
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-12-27
Updated
2019-10-03
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
Max CVSS
7.5
EPSS Score
0.14%
Published
2017-12-30
Updated
2019-03-01
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
Max CVSS
7.5
EPSS Score
0.14%
Published
2018-07-20
Updated
2018-09-17
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
Max CVSS
7.5
EPSS Score
0.46%
Published
2020-10-06
Updated
2021-02-11
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
Max CVSS
5.0
EPSS Score
0.40%
Published
2008-02-28
Updated
2018-10-11
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang.
Max CVSS
5.0
EPSS Score
2.40%
Published
2008-03-31
Updated
2018-10-11

CVE-2008-1562

Public exploit
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Max CVSS
5.0
EPSS Score
1.69%
Published
2008-03-31
Updated
2018-10-11
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
Max CVSS
5.0
EPSS Score
0.37%
Published
2008-07-10
Updated
2018-10-11
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
Max CVSS
5.0
EPSS Score
0.37%
Published
2008-07-10
Updated
2018-10-11
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.
Max CVSS
5.0
EPSS Score
0.35%
Published
2008-07-16
Updated
2018-10-11
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.
Max CVSS
5.0
EPSS Score
0.42%
Published
2008-09-04
Updated
2023-02-13
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
Max CVSS
5.0
EPSS Score
1.48%
Published
2008-10-22
Updated
2018-10-11
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
Max CVSS
5.0
EPSS Score
0.86%
Published
2008-10-22
Updated
2018-10-11
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
Max CVSS
5.0
EPSS Score
0.35%
Published
2008-10-22
Updated
2018-10-11
50 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!