cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
Max CVSS
7.5
EPSS Score
0.46%
Published
2020-10-06
Updated
2021-02-11
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
Max CVSS
7.5
EPSS Score
0.14%
Published
2018-07-20
Updated
2018-09-17
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-02-08
Updated
2020-08-24
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
Max CVSS
7.5
EPSS Score
0.14%
Published
2017-12-30
Updated
2019-03-01
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-12-27
Updated
2019-10-03
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
Max CVSS
7.8
EPSS Score
0.30%
Published
2017-02-17
Updated
2019-10-03
epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
Max CVSS
4.3
EPSS Score
0.88%
Published
2011-03-03
Updated
2017-09-19
epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.
Max CVSS
4.3
EPSS Score
0.97%
Published
2011-03-03
Updated
2017-09-19

CVE-2011-1140

Public exploit
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
Max CVSS
4.3
EPSS Score
2.07%
Published
2011-03-03
Updated
2017-09-19
Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.
Max CVSS
9.3
EPSS Score
2.65%
Published
2011-03-28
Updated
2023-02-13
Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.
Max CVSS
9.3
EPSS Score
1.81%
Published
2010-08-26
Updated
2017-09-19
The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
Max CVSS
10.0
EPSS Score
2.05%
Published
2010-08-13
Updated
2017-09-19
Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.
Max CVSS
10.0
EPSS Score
0.38%
Published
2010-08-13
Updated
2017-09-19
Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
Max CVSS
8.3
EPSS Score
51.63%
Published
2010-06-15
Updated
2017-09-19
The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
Max CVSS
3.3
EPSS Score
0.34%
Published
2010-06-15
Updated
2017-09-19
The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
Max CVSS
3.3
EPSS Score
0.17%
Published
2010-06-15
Updated
2017-09-19
Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
Max CVSS
8.3
EPSS Score
51.63%
Published
2010-06-15
Updated
2017-09-19
The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
Max CVSS
3.3
EPSS Score
0.17%
Published
2010-06-15
Updated
2017-09-19
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.
Max CVSS
4.3
EPSS Score
0.33%
Published
2010-05-12
Updated
2017-09-19

CVE-2010-0304

Public exploit
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Max CVSS
7.5
EPSS Score
94.08%
Published
2010-02-03
Updated
2017-09-19
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
Max CVSS
4.3
EPSS Score
0.67%
Published
2009-12-21
Updated
2017-09-19
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
Max CVSS
9.3
EPSS Score
5.20%
Published
2009-10-30
Updated
2017-09-19
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.18%
Published
2009-10-30
Updated
2023-02-13
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
Max CVSS
7.8
EPSS Score
7.06%
Published
2009-09-18
Updated
2017-09-19
Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Max CVSS
5.0
EPSS Score
3.63%
Published
2009-07-21
Updated
2017-09-19
53 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!