| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-0583 | 787 | | DoS | 2022-02-14 | 2022-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
| 2 | CVE-2022-0581 | 74 | | DoS | 2022-02-14 | 2022-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
| 3 | CVE-2021-39929 | 674 | | DoS | 2021-11-19 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| 4 | CVE-2021-39928 | 476 | | DoS | 2021-11-18 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| 5 | CVE-2021-39926 | 120 | | DoS Overflow | 2021-11-19 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file |
| 6 | CVE-2021-39925 | 120 | | DoS Overflow | 2021-11-19 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| 7 | CVE-2021-39924 | 834 | | DoS | 2021-11-19 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| 8 | CVE-2021-39923 | 834 | | DoS | 2021-11-19 | 2022-03-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| 9 | CVE-2021-39922 | 120 | | DoS Overflow | 2021-11-19 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| 10 | CVE-2021-39921 | 476 | | DoS | 2021-11-19 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| 11 | CVE-2021-39920 | 476 | | DoS | 2021-11-18 | 2022-10-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file |
| 12 | CVE-2021-22235 | 835 | | DoS | 2021-07-20 | 2022-11-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file |
| 13 | CVE-2021-22222 | 835 | | DoS | 2021-06-07 | 2022-04-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file |
| 14 | CVE-2021-22207 | 770 | | DoS | 2021-04-23 | 2022-03-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file |
| 15 | CVE-2021-22174 | 400 | | DoS | 2021-02-17 | 2022-05-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file |
| 16 | CVE-2021-22173 | 401 | | DoS | 2021-02-17 | 2022-05-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file |
| 17 | CVE-2021-4190 | 834 | | DoS | 2021-12-30 | 2022-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file |
| 18 | CVE-2021-4186 | 476 | | DoS | 2021-12-30 | 2022-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
| 19 | CVE-2021-4185 | 835 | | DoS | 2021-12-30 | 2022-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
| 20 | CVE-2021-4184 | 835 | | DoS | 2021-12-30 | 2022-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
| 21 | CVE-2021-4182 | 835 | | DoS | 2021-12-30 | 2022-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
| 22 | CVE-2021-4181 | 125 | | DoS | 2021-12-30 | 2022-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
| 23 | CVE-2020-28030 | 400 | | | 2020-11-02 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. |
| 24 | CVE-2020-26575 | 835 | | | 2020-10-06 | 2021-02-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. |
| 25 | CVE-2020-26422 | 120 | | DoS Overflow | 2020-12-21 | 2022-09-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file |
| 26 | CVE-2020-26421 | 125 | | DoS | 2020-12-11 | 2022-09-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. |
| 27 | CVE-2020-26420 | 401 | | DoS | 2020-12-11 | 2022-09-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. |
| 28 | CVE-2020-26419 | 401 | | DoS | 2020-12-11 | 2022-09-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. |
| 29 | CVE-2020-26418 | 401 | | DoS | 2020-12-11 | 2022-09-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. |
| 30 | CVE-2020-25866 | 476 | | | 2020-10-06 | 2022-10-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. |
| 31 | CVE-2020-25863 | | | | 2020-10-06 | 2021-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. |
| 32 | CVE-2020-25862 | 354 | | | 2020-10-06 | 2021-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. |
| 33 | CVE-2020-15466 | 835 | | | 2020-07-05 | 2021-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. |
| 34 | CVE-2020-13164 | 400 | | | 2020-05-19 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. |
| 35 | CVE-2020-11647 | 74 | | | 2020-04-10 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. |
| 36 | CVE-2020-9431 | 400 | | | 2020-02-27 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. |
| 37 | CVE-2020-9430 | 20 | | | 2020-02-27 | 2021-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. |
| 38 | CVE-2020-9429 | 476 | | | 2020-02-27 | 2021-12-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. |
| 39 | CVE-2020-9428 | 74 | | | 2020-02-27 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. |
| 40 | CVE-2020-7044 | 125 | | | 2020-01-16 | 2022-04-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. |
| 41 | CVE-2019-19553 | 909 | | | 2019-12-05 | 2021-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. |
| 42 | CVE-2019-13619 | 119 | | Overflow | 2019-07-17 | 2021-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. |
| 43 | CVE-2019-12295 | 674 | | | 2019-05-23 | 2022-05-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. |
| 44 | CVE-2019-10903 | 125 | | | 2019-04-09 | 2023-02-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. |
| 45 | CVE-2019-10902 | 252 | | | 2019-04-09 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. |
| 46 | CVE-2019-10901 | 476 | | | 2019-04-09 | 2023-02-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. |
| 47 | CVE-2019-10900 | 835 | | | 2019-04-09 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. |
| 48 | CVE-2019-10899 | 125 | | | 2019-04-09 | 2022-05-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. |
| 49 | CVE-2019-10898 | 835 | | | 2019-04-09 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. |
| 50 | CVE-2019-10897 | 835 | | | 2019-04-09 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. |