cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.46%
Published
2020-10-06
Updated
2021-02-11
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.14%
Published
2018-07-20
Updated
2018-09-17
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-02-08
Updated
2020-08-24
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.14%
Published
2017-12-30
Updated
2019-03-01
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-12-27
Updated
2019-10-03
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.30%
Published
2017-02-17
Updated
2019-10-03
epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.35%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-06
Updated
2016-11-28
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
1.37%
Published
2016-08-06
Updated
2017-09-03
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
1.31%
Published
2016-08-06
Updated
2017-09-03
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.25%
Published
2016-08-07
Updated
2016-11-28
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.25%
Published
2016-08-07
Updated
2016-11-28
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-07
Updated
2016-11-28
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.31%
Published
2016-08-07
Updated
2016-11-28
The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.32%
Published
2016-08-07
Updated
2016-11-28
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.32%
Published
2016-08-07
Updated
2016-11-28
epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.97%
Published
2016-08-07
Updated
2016-11-28
epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.36%
Published
2016-08-07
Updated
2016-11-28
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.33%
Published
2016-05-01
Updated
2016-12-03
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.30%
Published
2016-05-01
Updated
2016-12-03
Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.30%
Published
2016-05-01
Updated
2016-12-03
60 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!