Wireshark : Security Vulnerabilities (CVSS score between 6 and 6.99)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2021-22191 |
74 |
|
Exec Code |
2021-03-15 |
2022-05-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. |
2 |
CVE-2013-2486 |
189 |
|
DoS |
2013-03-07 |
2018-10-30 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. |
3 |
CVE-2013-2485 |
|
|
DoS |
2013-03-07 |
2018-10-30 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
4 |
CVE-2013-2482 |
|
|
DoS |
2013-03-07 |
2018-10-30 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. |
5 |
CVE-2013-2476 |
399 |
|
DoS |
2013-03-07 |
2018-10-30 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. |
6 |
CVE-2011-0713 |
119 |
|
DoS Overflow |
2011-03-03 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. |
7 |
CVE-2011-0538 |
119 |
|
DoS Overflow Mem. Corr. |
2011-02-08 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. |
8 |
CVE-2007-6439 |
399 |
|
DoS |
2007-12-19 |
2018-10-15 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119. |
Total number of vulnerabilities :
8
Page :
1
(This Page)