| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-0586 |
835 |
|
DoS |
2022-02-14 |
2022-11-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
|
2 |
CVE-2022-0582 |
74 |
|
DoS |
2022-02-14 |
2022-11-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
|
3 |
CVE-2019-16319 |
835 |
|
|
2019-09-15 |
2021-02-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. |
|
4 |
CVE-2018-18226 |
772 |
|
|
2018-10-12 |
2020-03-20 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. |
|
5 |
CVE-2018-14368 |
835 |
|
|
2018-07-19 |
2020-03-20 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. |
|
6 |
CVE-2018-14342 |
834 |
|
|
2018-07-19 |
2020-03-20 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. |
|
7 |
CVE-2018-14341 |
190 |
|
Overflow |
2018-07-19 |
2020-03-20 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. |
|
8 |
CVE-2018-6836 |
763 |
|
DoS |
2018-02-08 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
|
9 |
CVE-2017-15193 |
400 |
|
|
2017-10-10 |
2017-10-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. |
|
10 |
CVE-2017-13767 |
20 |
|
|
2017-08-30 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. |
|
11 |
CVE-2017-11411 |
20 |
|
|
2017-07-18 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. |
|
12 |
CVE-2017-11410 |
20 |
|
|
2017-07-18 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. |
|
13 |
CVE-2017-11409 |
834 |
|
|
2017-07-18 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. |
|
14 |
CVE-2017-11406 |
835 |
|
|
2017-07-18 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. |
|
15 |
CVE-2017-9352 |
835 |
|
|
2017-06-02 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. |
|
16 |
CVE-2017-9350 |
20 |
|
|
2017-06-02 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. |
|
17 |
CVE-2017-9349 |
835 |
|
|
2017-06-02 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. |
|
18 |
CVE-2017-9346 |
835 |
|
|
2017-06-02 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. |
|
19 |
CVE-2017-9345 |
835 |
|
|
2017-06-02 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. |
|
20 |
CVE-2017-7748 |
835 |
|
|
2017-04-12 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. |
|
21 |
CVE-2017-7745 |
835 |
|
|
2017-04-12 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. |
|
22 |
CVE-2017-7705 |
835 |
|
|
2017-04-12 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. |
|
23 |
CVE-2017-7704 |
835 |
|
|
2017-04-12 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. |
|
24 |
CVE-2017-7702 |
835 |
|
|
2017-04-12 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. |
|
25 |
CVE-2017-7701 |
835 |
|
|
2017-04-12 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. |
|
26 |
CVE-2017-7700 |
835 |
|
|
2017-04-12 |
2019-10-03 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. |
|
27 |
CVE-2017-6470 |
835 |
|
|
2017-03-04 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. |
|
28 |
CVE-2017-6014 |
835 |
|
|
2017-02-17 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. |
|
29 |
CVE-2016-2523 |
399 |
|
DoS |
2016-02-28 |
2017-09-08 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. |
|
30 |
CVE-2016-2521 |
264 |
|
+Priv |
2016-02-28 |
2017-09-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary. |
|
31 |
CVE-2015-3812 |
399 |
|
DoS |
2015-05-26 |
2019-12-27 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. |
|
32 |
CVE-2015-3810 |
399 |
|
DoS |
2015-05-26 |
2017-07-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. |
|
33 |
CVE-2015-3809 |
189 |
|
DoS |
2015-05-26 |
2017-07-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. |
|
34 |
CVE-2015-3808 |
189 |
|
DoS |
2015-05-26 |
2017-07-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. |
|
35 |
CVE-2013-4929 |
189 |
|
DoS |
2013-07-30 |
2017-09-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. |
|
36 |
CVE-2013-4928 |
189 |
|
DoS |
2013-07-30 |
2017-09-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. |
|
37 |
CVE-2013-4927 |
189 |
|
DoS |
2013-07-30 |
2017-09-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. |
|
38 |
CVE-2013-3561 |
189 |
|
DoS Overflow |
2013-05-25 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. |
|
39 |
CVE-2013-2487 |
189 |
|
DoS |
2013-03-07 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. |
|
40 |
CVE-2010-4300 |
119 |
1
|
DoS Exec Code Overflow Mem. Corr. |
2010-11-26 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. |
|
41 |
CVE-2010-0304 |
119 |
1
|
DoS Overflow |
2010-02-03 |
2017-09-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function. |
|
42 |
CVE-2009-3241 |
|
|
DoS |
2009-09-18 |
2017-09-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. |
|
43 |
CVE-2009-2563 |
|
|
DoS |
2009-07-21 |
2017-09-19 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors. |
|
44 |
CVE-2007-6119 |
|
|
DoS |
2007-11-23 |
2018-10-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. |
|
45 |
CVE-2007-6118 |
|
|
DoS |
2007-11-23 |
2018-10-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. |
|
46 |
CVE-2007-6111 |
|
|
DoS |
2007-11-23 |
2018-10-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. |
|
47 |
CVE-2007-3391 |
20 |
|
DoS |
2007-06-26 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. |
|
48 |
CVE-2006-3630 |
189 |
|
|
2006-07-21 |
2018-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors. |
