rpm package

opensuse/wireshark&distro=openSUSE Leap 15.6

pkg:rpm/opensuse/wireshark&distro=openSUSE%20Leap%2015.6

Vulnerabilities (29)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-0211	—	< 4.2.6-150600.18.6.1	4.2.6-150600.18.6.1	Jan 3, 2024	DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
CVE-2024-0210	—	< 4.2.6-150600.18.6.1	4.2.6-150600.18.6.1	Jan 3, 2024	Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
CVE-2024-0207	—	< 4.2.6-150600.18.6.1	4.2.6-150600.18.6.1	Jan 3, 2024	HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
CVE-2023-6174	—	< 4.2.6-150600.18.6.1	4.2.6-150600.18.6.1	Nov 16, 2023	SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
CVE-2023-5371	—	< 4.2.6-150600.18.6.1	4.2.6-150600.18.6.1	Oct 4, 2023	RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file
CVE-2023-3649	—	< 4.2.6-150600.18.6.1	4.2.6-150600.18.6.1	Jul 14, 2023	iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
CVE-2023-0666	—	< 4.2.6-150600.18.6.1	4.2.6-150600.18.6.1	Jun 7, 2023	Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2023-2854	—	< 4.2.6-150600.18.6.1	4.2.6-150600.18.6.1	May 26, 2023	BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-0414	—	< 4.2.6-150600.18.6.1	4.2.6-150600.18.6.1	Jan 24, 2023	Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file

CVE-2024-0211Jan 3, 2024
affected < 4.2.6-150600.18.6.1fixed 4.2.6-150600.18.6.1
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
CVE-2024-0210Jan 3, 2024
affected < 4.2.6-150600.18.6.1fixed 4.2.6-150600.18.6.1
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
CVE-2024-0207Jan 3, 2024
affected < 4.2.6-150600.18.6.1fixed 4.2.6-150600.18.6.1
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
CVE-2023-6174Nov 16, 2023
affected < 4.2.6-150600.18.6.1fixed 4.2.6-150600.18.6.1
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
CVE-2023-5371Oct 4, 2023
affected < 4.2.6-150600.18.6.1fixed 4.2.6-150600.18.6.1
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file
CVE-2023-3649Jul 14, 2023
affected < 4.2.6-150600.18.6.1fixed 4.2.6-150600.18.6.1
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
CVE-2023-0666Jun 7, 2023
affected < 4.2.6-150600.18.6.1fixed 4.2.6-150600.18.6.1
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
CVE-2023-2854May 26, 2023
affected < 4.2.6-150600.18.6.1fixed 4.2.6-150600.18.6.1
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVE-2023-0414Jan 24, 2023
affected < 4.2.6-150600.18.6.1fixed 4.2.6-150600.18.6.1
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file

Page 2 of 2