VYPR

Wireshark

by Wireshark

CVEs (736)

  • CVE-2016-4415 | Med | May 1, 2016
    risk 0.38 | cvss 5.9 | epss 0.02

    wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.

  • CVE-2016-4084 | Med | Apr 25, 2016
    risk 0.38 | cvss 5.9 | epss 0.02

    Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.

  • CVE-2016-4083 | Med | Apr 25, 2016
    risk 0.38 | cvss 5.9 | epss 0.02

    epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2016-4076 | Med | Apr 25, 2016
    risk 0.38 | cvss 5.9 | epss 0.02

    epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2016-2524 | Med | Feb 28, 2016
    risk 0.38 | cvss 5.9 | epss 0.02

    epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2015-8740 | Med | Jan 4, 2016
    risk 0.38 | cvss 5.3 | epss 0.07

    The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application…

  • CVE-2026-9759 | Med | May 27, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service

  • CVE-2017-9617 | Med | Jun 14, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.

  • CVE-2017-9616 | Med | Jun 14, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.

  • CVE-2016-2529 | Med | Feb 28, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and…

  • CVE-2016-2527 | Med | Feb 28, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and…

  • CVE-2015-8742 | Med | Jan 4, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted…

  • CVE-2015-8741 | Med | Jan 4, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2015-8738 | Med | Jan 4, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error…

  • CVE-2015-8737 | Med | Jan 4, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

  • CVE-2015-8734 | Med | Jan 4, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2015-8722 | Med | Jan 4, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

  • CVE-2015-8721 | Med | Jan 4, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression.

  • CVE-2015-8720 | Med | Jan 4, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a…

  • CVE-2015-8719 | Med | Jan 4, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
