VYPR

Wireshark

by Wireshark

Source repositories

CVEs (736)

  • CVE-2019-5716Jan 8, 2019
    risk 0.00cvss epss 0.01

    In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.

  • CVE-2019-5718Jan 8, 2019
    risk 0.00cvss epss 0.01

    In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.

  • CVE-2019-5721Jan 8, 2019
    risk 0.00cvss epss 0.01

    In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.

  • CVE-2018-19625Nov 29, 2018
    risk 0.00cvss epss 0.01

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.

  • CVE-2018-19622Nov 29, 2018
    risk 0.00cvss epss 0.03

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.

  • CVE-2018-19623Nov 29, 2018
    risk 0.00cvss epss 0.04

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain…

  • CVE-2018-19626Nov 29, 2018
    risk 0.00cvss epss 0.01

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.

  • CVE-2018-19628Nov 29, 2018
    risk 0.00cvss epss 0.03

    In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.

  • CVE-2018-19624Nov 29, 2018
    risk 0.00cvss epss 0.01

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.

  • CVE-2018-18226Oct 12, 2018
    risk 0.00cvss epss 0.03

    In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.

  • CVE-2018-18225Oct 12, 2018
    risk 0.00cvss epss 0.03

    In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.

  • CVE-2018-18227Oct 12, 2018
    risk 0.00cvss epss 0.03

    In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.

  • CVE-2015-7830Nov 15, 2015
    risk 0.00cvss epss 0.03

    The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet…

  • CVE-2015-6249Aug 24, 2015
    risk 0.00cvss epss 0.03

    The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service…

  • CVE-2015-6248Aug 24, 2015
    risk 0.00cvss epss 0.03

    The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2015-6247Aug 24, 2015
    risk 0.00cvss epss 0.03

    The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

  • CVE-2015-6246Aug 24, 2015
    risk 0.00cvss epss 0.03

    The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2015-6245Aug 24, 2015
    risk 0.00cvss epss 0.03

    epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

  • CVE-2015-6244Aug 24, 2015
    risk 0.00cvss epss 0.03

    The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a…

  • CVE-2015-6243Aug 24, 2015
    risk 0.00cvss epss 0.03

    The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle…

Page 23 of 37