The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-02-08
Updated
2020-08-24
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-12-27
Updated
2019-10-03
epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
Max CVSS
4.3
EPSS Score
0.88%
Published
2011-03-03
Updated
2017-09-19
Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.
Max CVSS
9.3
EPSS Score
2.65%
Published
2011-03-28
Updated
2023-02-13
The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
Max CVSS
3.3
EPSS Score
0.34%
Published
2010-06-15
Updated
2017-09-19
The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
Max CVSS
3.3
EPSS Score
0.17%
Published
2010-06-15
Updated
2017-09-19
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.
Max CVSS
4.3
EPSS Score
0.33%
Published
2010-05-12
Updated
2017-09-19
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
Max CVSS
4.3
EPSS Score
0.57%
Published
2009-12-21
Updated
2017-09-19
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Max CVSS
9.3
EPSS Score
6.41%
Published
2009-10-30
Updated
2017-09-19
Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Max CVSS
5.0
EPSS Score
3.63%
Published
2009-07-21
Updated
2017-09-19
Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
Max CVSS
5.0
EPSS Score
0.34%
Published
2009-05-29
Updated
2017-09-29
Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
Max CVSS
5.0
EPSS Score
0.34%
Published
2009-04-13
Updated
2018-10-10
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
Max CVSS
4.3
EPSS Score
0.28%
Published
2009-04-13
Updated
2018-10-10
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.33%
Published
2009-04-13
Updated
2018-10-10
Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
Max CVSS
5.0
EPSS Score
0.37%
Published
2008-12-01
Updated
2018-10-11
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
Max CVSS
5.0
EPSS Score
0.35%
Published
2008-10-22
Updated
2018-10-11
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.
Max CVSS
4.3
EPSS Score
0.34%
Published
2008-10-22
Updated
2018-10-11
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
Max CVSS
5.0
EPSS Score
0.86%
Published
2008-10-22
Updated
2018-10-11
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
Max CVSS
4.3
EPSS Score
0.34%
Published
2008-10-22
Updated
2018-10-11
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.
Max CVSS
3.3
EPSS Score
0.13%
Published
2008-09-04
Updated
2018-10-11
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.
Max CVSS
5.0
EPSS Score
0.42%
Published
2008-09-04
Updated
2023-02-13
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
Max CVSS
10.0
EPSS Score
0.95%
Published
2008-09-02
Updated
2018-10-11
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.
Max CVSS
5.0
EPSS Score
0.35%
Published
2008-07-16
Updated
2018-10-11
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
Max CVSS
5.0
EPSS Score
0.37%
Published
2008-07-10
Updated
2018-10-11
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
Max CVSS
5.0
EPSS Score
0.37%
Published
2008-07-10
Updated
2018-10-11