Wireshark
by Wireshark
CVEs (736)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24479 | | | 0.00 | — | 0.01 | | Feb 21, 2024 | A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. |
| CVE-2024-24478 | | | 0.00 | — | 0.01 | | Feb 21, 2024 | An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other… |
| CVE-2024-24476 | | | 0.00 | — | 0.01 | | Feb 21, 2024 | A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. |
| CVE-2024-0211 | | | 0.00 | — | 0.01 | | Jan 3, 2024 | DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file |
| CVE-2024-0210 | | | 0.00 | — | 0.00 | | Jan 3, 2024 | Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file |
| CVE-2024-0209 | | | 0.00 | — | 0.01 | | Jan 3, 2024 | IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file |
| CVE-2024-0208 | | | 0.00 | — | 0.02 | | Jan 3, 2024 | GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file |
| CVE-2024-0207 | | | 0.00 | — | 0.00 | | Jan 3, 2024 | HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file |
| CVE-2023-6174 | | | 0.00 | — | 0.01 | | Nov 16, 2023 | SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file |
| CVE-2023-5371 | | | 0.00 | — | 0.00 | | Oct 4, 2023 | RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file |
| CVE-2023-2906 | | | 0.00 | — | 0.03 | | Aug 25, 2023 | Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. |
| CVE-2023-4513 | | | 0.00 | — | 0.00 | | Aug 24, 2023 | BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file |
| CVE-2023-4512 | | | 0.00 | — | 0.00 | | Aug 24, 2023 | CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file |
| CVE-2023-4511 | | | 0.00 | — | 0.00 | | Aug 24, 2023 | BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file |
| CVE-2023-3649 | | | 0.00 | — | 0.00 | | Jul 14, 2023 | iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file |
| CVE-2023-3648 | | | 0.00 | — | 0.00 | | Jul 14, 2023 | Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file |
| CVE-2023-0667 | | | 0.00 | — | 0.02 | | Jun 7, 2023 | Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark |
| CVE-2023-0668 | | | 0.00 | — | 0.02 | | Jun 7, 2023 | Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. |
| CVE-2023-0666 | | | 0.00 | — | 0.02 | | Jun 7, 2023 | Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. |
| CVE-2023-2952 | | | 0.00 | — | 0.01 | | May 30, 2023 | XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file |