CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Wireshark : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2023-0417 404 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
2 CVE-2023-0416 404 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
3 CVE-2023-0415 404 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
4 CVE-2023-0414 404 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file
5 CVE-2023-0413 404 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
6 CVE-2023-0412 404 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
7 CVE-2023-0411 834 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
8 CVE-2022-4345 835 DoS 2023-01-12 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
9 CVE-2022-4344 400 DoS 2023-01-12 2023-01-19
0.0
None ??? ??? ??? ??? ??? ???
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
10 CVE-2022-3725 787 DoS 2022-10-27 2023-02-03
0.0
None ??? ??? ??? ??? ??? ???
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file
11 CVE-2022-3190 835 DoS 2022-09-13 2022-12-17
0.0
None ??? ??? ??? ??? ??? ???
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
12 CVE-2022-0586 835 DoS 2022-02-14 2022-11-04
7.8
None Remote Low Not required None None Complete
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
13 CVE-2022-0585 834 DoS 2022-02-18 2022-11-04
4.3
None Remote Medium Not required None None Partial
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
14 CVE-2022-0583 787 DoS 2022-02-14 2022-11-04
5.0
None Remote Low Not required None None Partial
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
15 CVE-2022-0582 74 DoS 2022-02-14 2022-11-04
7.5
None Remote Low Not required Partial Partial Partial
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
16 CVE-2022-0581 74 DoS 2022-02-14 2022-11-04
5.0
None Remote Low Not required None None Partial
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
17 CVE-2021-39929 674 DoS 2021-11-19 2022-10-28
5.0
None Remote Low Not required None None Partial
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
18 CVE-2021-39928 476 DoS 2021-11-18 2022-10-28
5.0
None Remote Low Not required None None Partial
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
19 CVE-2021-39926 120 DoS Overflow 2021-11-19 2022-10-28
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
20 CVE-2021-39925 120 DoS Overflow 2021-11-19 2022-10-28
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
21 CVE-2021-39924 834 DoS 2021-11-19 2022-10-28
5.0
None Remote Low Not required None None Partial
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
22 CVE-2021-39923 834 DoS 2021-11-19 2022-03-09
5.0
None Remote Low Not required None None Partial
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
23 CVE-2021-39922 120 DoS Overflow 2021-11-19 2022-10-28
5.0
None Remote Low Not required None None Partial
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
24 CVE-2021-39921 476 DoS 2021-11-19 2022-10-28
5.0
None Remote Low Not required None None Partial
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
25 CVE-2021-39920 476 DoS 2021-11-18 2022-10-28
5.0
None Remote Low Not required None None Partial
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
26 CVE-2021-22235 835 DoS 2021-07-20 2022-11-03
5.0
None Remote Low Not required None None Partial
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
27 CVE-2021-22222 835 DoS 2021-06-07 2022-04-01
5.0
None Remote Low Not required None None Partial
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
28 CVE-2021-22207 770 DoS 2021-04-23 2022-03-31
5.0
None Remote Low Not required None None Partial
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
29 CVE-2021-22191 74 Exec Code 2021-03-15 2022-05-27
6.8
None Remote Medium Not required Partial Partial Partial
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
30 CVE-2021-22174 400 DoS 2021-02-17 2022-05-27
5.0
None Remote Low Not required None None Partial
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
31 CVE-2021-22173 401 DoS 2021-02-17 2022-05-27
5.0
None Remote Low Not required None None Partial
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
32 CVE-2021-4190 834 DoS 2021-12-30 2022-11-04
5.0
None Remote Low Not required None None Partial
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file
33 CVE-2021-4186 476 DoS 2021-12-30 2022-11-04
5.0
None Remote Low Not required None None Partial
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
34 CVE-2021-4185 835 DoS 2021-12-30 2022-11-04
5.0
None Remote Low Not required None None Partial
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
35 CVE-2021-4184 835 DoS 2021-12-30 2022-11-04
5.0
None Remote Low Not required None None Partial
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
36 CVE-2021-4183 125 DoS 2021-12-30 2022-11-04
4.3
None Remote Medium Not required None None Partial
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
37 CVE-2021-4182 835 DoS 2021-12-30 2022-11-04
5.0
None Remote Low Not required None None Partial
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
38 CVE-2021-4181 125 DoS 2021-12-30 2022-11-04
5.0
None Remote Low Not required None None Partial
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
39 CVE-2020-28030 400 2020-11-02 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
40 CVE-2020-26575 835 2020-10-06 2021-02-11
5.0
None Remote Low Not required None None Partial
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
41 CVE-2020-26422 120 DoS Overflow 2020-12-21 2022-09-02
5.0
None Remote Low Not required None None Partial
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
42 CVE-2020-26421 125 DoS 2020-12-11 2022-09-02
5.0
None Remote Low Not required None None Partial
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
43 CVE-2020-26420 401 DoS 2020-12-11 2022-09-02
5.0
None Remote Low Not required None None Partial
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
44 CVE-2020-26419 401 DoS 2020-12-11 2022-09-02
5.0
None Remote Low Not required None None Partial
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
45 CVE-2020-26418 401 DoS 2020-12-11 2022-09-02
5.0
None Remote Low Not required None None Partial
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
46 CVE-2020-25866 476 2020-10-06 2022-10-07
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
47 CVE-2020-25863 2020-10-06 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
48 CVE-2020-25862 354 2020-10-06 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
49 CVE-2020-17498 415 2020-08-13 2022-09-02
4.3
None Remote Medium Not required None None Partial
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
50 CVE-2020-15466 835 2020-07-05 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
Total number of vulnerabilities : 629   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.