cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.
Source: Austin Hackers Anonymous
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-08-25
Updated
2023-09-15
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.46%
Published
2020-10-06
Updated
2021-02-11
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.14%
Published
2018-07-20
Updated
2018-09-17
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-02-08
Updated
2020-08-24
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.14%
Published
2017-12-30
Updated
2019-03-01
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-12-27
Updated
2019-10-03
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.20%
Published
2017-10-10
Updated
2019-03-01
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.28%
Published
2017-08-30
Updated
2019-10-03
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.34%
Published
2017-08-30
Updated
2017-12-11
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.29%
Published
2017-08-30
Updated
2019-10-03
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.21%
Published
2017-07-18
Updated
2019-10-03
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.19%
Published
2017-07-18
Updated
2019-10-03
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.30%
Published
2017-07-18
Updated
2019-10-03
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.32%
Published
2017-07-18
Updated
2018-02-04
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.39%
Published
2017-07-18
Updated
2019-03-01
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.30%
Published
2017-07-18
Updated
2019-10-03
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.40%
Published
2017-06-02
Updated
2019-03-20
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.32%
Published
2017-06-02
Updated
2019-10-03
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.34%
Published
2017-06-02
Updated
2019-03-20
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.40%
Published
2017-06-02
Updated
2019-10-03
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.30%
Published
2017-06-02
Updated
2019-10-03
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.31%
Published
2017-06-02
Updated
2019-10-03
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.31%
Published
2017-06-02
Updated
2019-10-03
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.30%
Published
2017-06-02
Updated
2019-03-27
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.35%
Published
2017-06-02
Updated
2019-03-19
85 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!