Wireshark
by Wireshark
Source repositories
CVEs (736)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-39929 | 0.00 | — | 0.04 | Nov 19, 2021 | Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-39920 | 0.00 | — | 0.03 | Nov 18, 2021 | NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-39928 | 0.00 | — | 0.06 | Nov 18, 2021 | NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-22235 | 0.00 | — | 0.03 | Jul 20, 2021 | Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-22222 | 0.00 | — | 0.02 | Jun 7, 2021 | Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-22207 | 0.00 | — | 0.02 | Apr 23, 2021 | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-22191 | 0.00 | — | 0.04 | Mar 15, 2021 | Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. | |||
| CVE-2021-22173 | 0.00 | — | 0.02 | Feb 17, 2021 | Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-22174 | 0.00 | — | 0.03 | Feb 17, 2021 | Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file | |||
| CVE-2020-26422 | 0.00 | — | 0.05 | Dec 21, 2020 | Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file | |||
| CVE-2020-26418 | 0.00 | — | 0.03 | Dec 11, 2020 | Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-26421 | 0.00 | — | 0.03 | Dec 11, 2020 | Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-26420 | 0.00 | — | 0.03 | Dec 11, 2020 | Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-26419 | 0.00 | — | 0.03 | Dec 11, 2020 | Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. | |||
| CVE-2020-28030 | 0.00 | — | 0.02 | Oct 30, 2020 | In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | |||
| CVE-2020-26575 | 0.00 | — | 0.03 | Oct 6, 2020 | In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. | |||
| CVE-2020-25863 | 0.00 | — | 0.05 | Oct 6, 2020 | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. | |||
| CVE-2020-25866 | 0.00 | — | 0.04 | Oct 6, 2020 | In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and… | |||
| CVE-2020-25862 | 0.00 | — | 0.02 | Oct 6, 2020 | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. | |||
| CVE-2020-17498 | 0.00 | — | 0.03 | Aug 13, 2020 | In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. |
- CVE-2021-39929Nov 19, 2021risk 0.00cvss —epss 0.04
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
- CVE-2021-39920Nov 18, 2021risk 0.00cvss —epss 0.03
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
- CVE-2021-39928Nov 18, 2021risk 0.00cvss —epss 0.06
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
- CVE-2021-22235Jul 20, 2021risk 0.00cvss —epss 0.03
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
- CVE-2021-22222Jun 7, 2021risk 0.00cvss —epss 0.02
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
- CVE-2021-22207Apr 23, 2021risk 0.00cvss —epss 0.02
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
- CVE-2021-22191Mar 15, 2021risk 0.00cvss —epss 0.04
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
- CVE-2021-22173Feb 17, 2021risk 0.00cvss —epss 0.02
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
- CVE-2021-22174Feb 17, 2021risk 0.00cvss —epss 0.03
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
- CVE-2020-26422Dec 21, 2020risk 0.00cvss —epss 0.05
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
- CVE-2020-26418Dec 11, 2020risk 0.00cvss —epss 0.03
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
- CVE-2020-26421Dec 11, 2020risk 0.00cvss —epss 0.03
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
- CVE-2020-26420Dec 11, 2020risk 0.00cvss —epss 0.03
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
- CVE-2020-26419Dec 11, 2020risk 0.00cvss —epss 0.03
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
- CVE-2020-28030Oct 30, 2020risk 0.00cvss —epss 0.02
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
- CVE-2020-26575Oct 6, 2020risk 0.00cvss —epss 0.03
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
- CVE-2020-25863Oct 6, 2020risk 0.00cvss —epss 0.05
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
- CVE-2020-25866Oct 6, 2020risk 0.00cvss —epss 0.04
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and…
- CVE-2020-25862Oct 6, 2020risk 0.00cvss —epss 0.02
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
- CVE-2020-17498Aug 13, 2020risk 0.00cvss —epss 0.03
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
Page 21 of 37