rpm package
almalinux/wireshark
pkg:rpm/almalinux/wireshark
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3203 | — | < 1:4.4.2-4.el10_1.4 | 1:4.4.2-4.el10_1.4 | Feb 25, 2026 | RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | ||
| CVE-2026-3201 | — | < 1:4.4.2-4.el10_1.4 | 1:4.4.2-4.el10_1.4 | Feb 25, 2026 | USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | ||
| CVE-2025-13499 | — | < 1:4.4.2-4.el10_1.1 | 1:4.4.2-4.el10_1.1 | Nov 21, 2025 | Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service | ||
| CVE-2025-9817 | — | < 1:4.4.2-4.el10_1.2 | 1:4.4.2-4.el10_1.2 | Sep 3, 2025 | SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service | ||
| CVE-2025-1492 | — | < 1:4.4.2-3.el10_0 | 1:4.4.2-3.el10_0 | Feb 20, 2025 | Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file | ||
| CVE-2023-0668 | — | < 1:3.4.10-6.el9 | 1:3.4.10-6.el9 | Jun 7, 2023 | Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. | ||
| CVE-2023-0666 | — | < 1:3.4.10-6.el9 | 1:3.4.10-6.el9 | Jun 7, 2023 | Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. | ||
| CVE-2023-2952 | — | < 1:3.4.10-6.el9 | 1:3.4.10-6.el9 | May 30, 2023 | XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file | ||
| CVE-2023-2858 | — | < 1:3.4.10-6.el9 | 1:3.4.10-6.el9 | May 26, 2023 | NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | ||
| CVE-2023-2856 | — | < 1:3.4.10-6.el9 | 1:3.4.10-6.el9 | May 26, 2023 | VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | ||
| CVE-2023-2855 | — | < 1:3.4.10-6.el9 | 1:3.4.10-6.el9 | May 26, 2023 | Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | ||
| CVE-2022-3190 | — | < 1:3.4.10-4.el9 | 1:3.4.10-4.el9 | Sep 13, 2022 | Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file |
- CVE-2026-3203Feb 25, 2026affected < 1:4.4.2-4.el10_1.4fixed 1:4.4.2-4.el10_1.4
RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
- CVE-2026-3201Feb 25, 2026affected < 1:4.4.2-4.el10_1.4fixed 1:4.4.2-4.el10_1.4
USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service
- CVE-2025-13499Nov 21, 2025affected < 1:4.4.2-4.el10_1.1fixed 1:4.4.2-4.el10_1.1
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service
- CVE-2025-9817Sep 3, 2025affected < 1:4.4.2-4.el10_1.2fixed 1:4.4.2-4.el10_1.2
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service
- CVE-2025-1492Feb 20, 2025affected < 1:4.4.2-3.el10_0fixed 1:4.4.2-3.el10_0
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file
- CVE-2023-0668Jun 7, 2023affected < 1:3.4.10-6.el9fixed 1:3.4.10-6.el9
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
- CVE-2023-0666Jun 7, 2023affected < 1:3.4.10-6.el9fixed 1:3.4.10-6.el9
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
- CVE-2023-2952May 30, 2023affected < 1:3.4.10-6.el9fixed 1:3.4.10-6.el9
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
- CVE-2023-2858May 26, 2023affected < 1:3.4.10-6.el9fixed 1:3.4.10-6.el9
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
- CVE-2023-2856May 26, 2023affected < 1:3.4.10-6.el9fixed 1:3.4.10-6.el9
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
- CVE-2023-2855May 26, 2023affected < 1:3.4.10-6.el9fixed 1:3.4.10-6.el9
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
- CVE-2022-3190Sep 13, 2022affected < 1:3.4.10-4.el9fixed 1:3.4.10-4.el9
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file