Wireshark
by Wireshark
Source repositories
CVEs (736)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6472 | 0.00 | — | 0.02 | Mar 14, 2009 | The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | |||
| CVE-2009-0601 | 0.00 | — | 0.00 | Feb 16, 2009 | Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. | |||
| CVE-2009-0600 | 0.00 | — | 0.02 | Feb 16, 2009 | Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. | |||
| CVE-2009-0599 | 0.00 | — | 0.03 | Feb 16, 2009 | Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. | |||
| CVE-2008-5285 | 0.00 | — | 0.02 | Dec 1, 2008 | Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. | |||
| CVE-2008-4685 | 0.00 | — | 0.02 | Oct 22, 2008 | Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. | |||
| CVE-2008-4684 | 0.00 | — | 0.02 | Oct 22, 2008 | packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post… | |||
| CVE-2008-4683 | 0.00 | — | 0.02 | Oct 22, 2008 | The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. | |||
| CVE-2008-4681 | 0.00 | — | 0.02 | Oct 22, 2008 | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. | |||
| CVE-2008-4680 | 0.00 | — | 0.03 | Oct 22, 2008 | packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). | |||
| CVE-2008-3932 | 0.00 | — | 0.02 | Sep 4, 2008 | Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. | |||
| CVE-2008-3933 | 0.00 | — | 0.01 | Sep 4, 2008 | Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. | |||
| CVE-2008-3934 | 0.00 | — | 0.01 | Sep 4, 2008 | Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. | |||
| CVE-2008-3146 | 0.00 | — | 0.04 | Sep 2, 2008 | Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. | |||
| CVE-2008-3145 | 0.00 | — | 0.02 | Jul 16, 2008 | The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. | |||
| CVE-2008-3139 | 0.00 | — | 0.03 | Jul 10, 2008 | The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. | |||
| CVE-2008-3141 | 0.00 | — | 0.01 | Jul 10, 2008 | Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. | |||
| CVE-2008-3138 | 0.00 | — | 0.02 | Jul 10, 2008 | The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. | |||
| CVE-2008-3137 | 0.00 | — | 0.02 | Jul 10, 2008 | The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | |||
| CVE-2008-1072 | 0.00 | — | 0.01 | Feb 28, 2008 | The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. |
- CVE-2008-6472Mar 14, 2009risk 0.00cvss —epss 0.02
The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
- CVE-2009-0601Feb 16, 2009risk 0.00cvss —epss 0.00
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
- CVE-2009-0600Feb 16, 2009risk 0.00cvss —epss 0.02
Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
- CVE-2009-0599Feb 16, 2009risk 0.00cvss —epss 0.03
Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.
- CVE-2008-5285Dec 1, 2008risk 0.00cvss —epss 0.02
Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
- CVE-2008-4685Oct 22, 2008risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
- CVE-2008-4684Oct 22, 2008risk 0.00cvss —epss 0.02
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post…
- CVE-2008-4683Oct 22, 2008risk 0.00cvss —epss 0.02
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.
- CVE-2008-4681Oct 22, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
- CVE-2008-4680Oct 22, 2008risk 0.00cvss —epss 0.03
packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
- CVE-2008-3932Sep 4, 2008risk 0.00cvss —epss 0.02
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.
- CVE-2008-3933Sep 4, 2008risk 0.00cvss —epss 0.01
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.
- CVE-2008-3934Sep 4, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
- CVE-2008-3146Sep 2, 2008risk 0.00cvss —epss 0.04
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
- CVE-2008-3145Jul 16, 2008risk 0.00cvss —epss 0.02
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.
- CVE-2008-3139Jul 10, 2008risk 0.00cvss —epss 0.03
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
- CVE-2008-3141Jul 10, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
- CVE-2008-3138Jul 10, 2008risk 0.00cvss —epss 0.02
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
- CVE-2008-3137Jul 10, 2008risk 0.00cvss —epss 0.02
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
- CVE-2008-1072Feb 28, 2008risk 0.00cvss —epss 0.01
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.
Page 35 of 37