| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-2879 |
835 |
|
DoS |
2023-05-26 |
2023-05-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file |
|
2 |
CVE-2023-2858 |
787 |
|
DoS |
2023-05-26 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
|
3 |
CVE-2023-2857 |
787 |
|
DoS |
2023-05-26 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
|
4 |
CVE-2023-2856 |
787 |
|
DoS |
2023-05-26 |
2023-05-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
|
5 |
CVE-2023-2855 |
787 |
|
DoS |
2023-05-26 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
|
6 |
CVE-2023-2854 |
787 |
|
DoS |
2023-05-26 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file |
|
7 |
CVE-2023-1994 |
400 |
|
DoS |
2023-04-12 |
2023-04-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file |
|
8 |
CVE-2023-1993 |
834 |
|
DoS |
2023-04-12 |
2023-04-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file |
|
9 |
CVE-2023-1992 |
400 |
|
DoS |
2023-04-12 |
2023-04-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file |
|
10 |
CVE-2023-1161 |
|
|
DoS |
2023-03-06 |
2023-04-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file |
|
11 |
CVE-2023-0417 |
404 |
|
DoS |
2023-01-26 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file |
|
12 |
CVE-2023-0416 |
404 |
|
DoS |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file |
|
13 |
CVE-2023-0415 |
404 |
|
DoS |
2023-01-26 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file |
|
14 |
CVE-2023-0414 |
404 |
|
DoS |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file |
|
15 |
CVE-2023-0413 |
404 |
|
DoS |
2023-01-26 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file |
|
16 |
CVE-2023-0412 |
404 |
|
DoS |
2023-01-26 |
2023-02-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file |
|
17 |
CVE-2023-0411 |
834 |
|
DoS |
2023-01-26 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file |
|
18 |
CVE-2022-4345 |
835 |
|
DoS |
2023-01-12 |
2023-02-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file |
|
19 |
CVE-2022-4344 |
400 |
|
DoS |
2023-01-12 |
2023-02-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file |
|
20 |
CVE-2022-3725 |
787 |
|
DoS |
2022-10-27 |
2023-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file |
|
21 |
CVE-2022-3190 |
835 |
|
DoS |
2022-09-13 |
2023-02-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file |
|
22 |
CVE-2022-0586 |
835 |
|
DoS |
2022-02-14 |
2022-11-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
|
23 |
CVE-2022-0585 |
834 |
|
DoS |
2022-02-18 |
2022-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file |
|
24 |
CVE-2022-0583 |
787 |
|
DoS |
2022-02-14 |
2022-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
|
25 |
CVE-2022-0582 |
74 |
|
DoS |
2022-02-14 |
2022-11-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
|
26 |
CVE-2022-0581 |
74 |
|
DoS |
2022-02-14 |
2022-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
|
27 |
CVE-2021-39929 |
674 |
|
DoS |
2021-11-19 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
|
28 |
CVE-2021-39928 |
476 |
|
DoS |
2021-11-18 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
|
29 |
CVE-2021-39926 |
120 |
|
DoS Overflow |
2021-11-19 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file |
|
30 |
CVE-2021-39925 |
120 |
|
DoS Overflow |
2021-11-19 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
|
31 |
CVE-2021-39924 |
834 |
|
DoS |
2021-11-19 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
|
32 |
CVE-2021-39923 |
834 |
|
DoS |
2021-11-19 |
2022-03-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
|
33 |
CVE-2021-39922 |
120 |
|
DoS Overflow |
2021-11-19 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
|
34 |
CVE-2021-39921 |
476 |
|
DoS |
2021-11-19 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
|
35 |
CVE-2021-39920 |
476 |
|
DoS |
2021-11-18 |
2022-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file |
|
36 |
CVE-2021-22235 |
835 |
|
DoS |
2021-07-20 |
2022-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file |
|
37 |
CVE-2021-22222 |
835 |
|
DoS |
2021-06-07 |
2022-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file |
|
38 |
CVE-2021-22207 |
770 |
|
DoS |
2021-04-23 |
2022-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file |
|
39 |
CVE-2021-22191 |
74 |
|
Exec Code |
2021-03-15 |
2022-05-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. |
|
40 |
CVE-2021-22174 |
400 |
|
DoS |
2021-02-17 |
2022-05-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file |
|
41 |
CVE-2021-22173 |
401 |
|
DoS |
2021-02-17 |
2022-05-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file |
|
42 |
CVE-2021-4190 |
834 |
|
DoS |
2021-12-30 |
2022-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file |
|
43 |
CVE-2021-4186 |
476 |
|
DoS |
2021-12-30 |
2022-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
|
44 |
CVE-2021-4185 |
835 |
|
DoS |
2021-12-30 |
2022-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
|
45 |
CVE-2021-4184 |
835 |
|
DoS |
2021-12-30 |
2022-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
|
46 |
CVE-2021-4182 |
835 |
|
DoS |
2021-12-30 |
2022-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
|
47 |
CVE-2021-4181 |
125 |
|
DoS |
2021-12-30 |
2022-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
|
48 |
CVE-2020-28030 |
400 |
|
|
2020-11-02 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. |
|
49 |
CVE-2020-26575 |
835 |
|
|
2020-10-06 |
2021-02-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. |
|
50 |
CVE-2020-26421 |
125 |
|
DoS |
2020-12-11 |
2022-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. |
