CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Wireshark » Wireshark : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-9274 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.
2 CVE-2018-9273 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
3 CVE-2018-9272 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.
4 CVE-2018-9271 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.
5 CVE-2018-9270 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
6 CVE-2018-9269 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
7 CVE-2018-9268 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
8 CVE-2018-9267 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.
9 CVE-2018-9266 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.
10 CVE-2018-9265 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
11 CVE-2018-9264 119 Overflow 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
12 CVE-2018-9263 189 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
13 CVE-2018-9262 20 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.
14 CVE-2018-9261 119 Overflow 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
15 CVE-2018-9260 20 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.
16 CVE-2018-9259 20 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.
17 CVE-2018-9258 20 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.
18 CVE-2018-9257 399 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.
19 CVE-2018-9256 20 2018-04-04 2018-04-17
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.
20 CVE-2018-7421 399 2018-02-23 2018-03-09
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.
21 CVE-2018-7420 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
22 CVE-2018-7419 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
23 CVE-2018-7418 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
24 CVE-2018-7417 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
25 CVE-2018-7337 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
26 CVE-2018-7336 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.
27 CVE-2018-7335 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.
28 CVE-2018-7334 74 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.
29 CVE-2018-7333 400 2018-02-23 2018-03-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.
30 CVE-2018-7332 400 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length.
31 CVE-2018-7331 400 2018-02-23 2018-03-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.
32 CVE-2018-7330 400 2018-02-23 2018-03-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.
33 CVE-2018-7329 400 2018-02-23 2018-03-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.
34 CVE-2018-7328 400 2018-02-23 2018-03-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.
35 CVE-2018-7327 400 2018-02-23 2018-03-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.
36 CVE-2018-7326 400 2018-02-23 2018-03-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.
37 CVE-2018-7325 400 2018-02-23 2018-03-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.
38 CVE-2018-7324 400 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.
39 CVE-2018-7323 400 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.
40 CVE-2018-7322 400 2018-02-23 2018-04-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.
41 CVE-2018-7321 400 2018-02-23 2018-03-07
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.
42 CVE-2018-7320 74 2018-02-23 2018-03-09
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.
43 CVE-2018-6836 119 DoS Overflow 2018-02-08 2018-03-10
7.5
None Remote Low Not required Partial Partial Partial
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
44 CVE-2018-5336 119 Overflow 2018-01-11 2018-02-03
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
45 CVE-2018-5335 119 Overflow 2018-01-11 2018-02-03
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
46 CVE-2018-5334 119 Overflow 2018-01-11 2018-02-03
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
47 CVE-2017-17997 476 2017-12-30 2018-01-12
5.0
None Remote Low Not required None None Partial
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
48 CVE-2017-17935 119 DoS Overflow 2017-12-27 2018-01-10
5.0
None Remote Low Not required None None Partial
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
49 CVE-2017-17085 754 2017-12-01 2018-02-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
50 CVE-2017-17084 754 2017-12-01 2018-02-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
Total number of vulnerabilities : 522   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.