CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Wireshark : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-18227 476 2018-10-12 2018-11-29
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
2 CVE-2018-18226 399 2018-10-12 2018-11-29
7.8
None Remote Low Not required None None Complete
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.
3 CVE-2018-18225 20 2018-10-12 2018-11-29
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
4 CVE-2018-16058 74 2018-08-29 2018-10-30
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
5 CVE-2018-16057 74 2018-08-29 2018-10-30
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
6 CVE-2018-16056 74 2018-08-29 2018-10-30
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.
7 CVE-2018-14438 20 2018-07-19 2018-09-17
5.0
None Remote Low Not required None Partial None
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
8 CVE-2018-14370 125 2018-07-18 2018-09-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.
9 CVE-2018-14369 20 2018-07-18 2018-09-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
10 CVE-2018-14368 399 2018-07-18 2018-09-21
7.8
None Remote Low Not required None None Complete
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
11 CVE-2018-14367 19 2018-07-18 2018-09-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
12 CVE-2018-14344 125 2018-07-18 2018-09-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
13 CVE-2018-14343 190 2018-07-18 2018-09-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
14 CVE-2018-14342 20 2018-07-18 2018-09-21
7.8
None Remote Low Not required None None Complete
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
15 CVE-2018-14341 119 Overflow 2018-07-18 2018-09-21
7.8
None Remote Low Not required None None Complete
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
16 CVE-2018-14340 125 2018-07-18 2018-09-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
17 CVE-2018-14339 119 Overflow 2018-07-18 2018-09-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
18 CVE-2018-11362 119 Overflow 2018-05-22 2018-06-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
19 CVE-2018-11361 119 Overflow 2018-05-22 2018-06-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
20 CVE-2018-11360 119 Overflow 2018-05-22 2018-06-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
21 CVE-2018-11359 476 2018-05-22 2018-06-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
22 CVE-2018-11358 416 2018-05-22 2018-06-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
23 CVE-2018-11357 399 2018-05-22 2018-06-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
24 CVE-2018-11356 476 2018-05-22 2018-06-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
25 CVE-2018-11355 119 Overflow 2018-05-22 2018-06-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
26 CVE-2018-11354 20 2018-05-22 2018-06-12
5.0
None Remote Low Not required None None Partial
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
27 CVE-2018-9274 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.
28 CVE-2018-9273 399 2018-04-04 2018-06-05
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
29 CVE-2018-9272 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.
30 CVE-2018-9271 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.
31 CVE-2018-9270 399 2018-04-04 2018-05-29
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
32 CVE-2018-9269 399 2018-04-04 2018-05-29
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
33 CVE-2018-9268 399 2018-04-04 2018-05-29
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
34 CVE-2018-9267 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.
35 CVE-2018-9266 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.
36 CVE-2018-9265 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
37 CVE-2018-9264 119 Overflow 2018-04-04 2018-06-05
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
38 CVE-2018-9263 189 2018-04-04 2018-05-29
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
39 CVE-2018-9262 20 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.
40 CVE-2018-9261 119 Overflow 2018-04-04 2018-06-05
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
41 CVE-2018-9260 20 2018-04-04 2018-05-29
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.
42 CVE-2018-9259 20 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.
43 CVE-2018-9258 20 2018-04-04 2018-05-29
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.
44 CVE-2018-9257 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.
45 CVE-2018-9256 20 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.
46 CVE-2018-7421 399 2018-02-23 2018-03-09
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.
47 CVE-2018-7420 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
48 CVE-2018-7419 74 2018-02-23 2018-06-05
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
49 CVE-2018-7418 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
50 CVE-2018-7417 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
Total number of vulnerabilities : 548   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.