VYPR

Wireshark

by Wireshark

Source repositories

CVEs (736)

  • CVE-2018-7330HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.

  • CVE-2018-7329HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.

  • CVE-2018-7328HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.

  • CVE-2018-7327HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.

  • CVE-2018-7326HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.

  • CVE-2018-7325HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.

  • CVE-2018-7324HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.

  • CVE-2018-7323HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.

  • CVE-2018-7322HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.

  • CVE-2018-7321HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.

  • CVE-2018-7320HigFeb 23, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.

  • CVE-2018-5336HigJan 11, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.

  • CVE-2017-17997HigDec 30, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.

  • CVE-2017-17935HigDec 27, 2017
    risk 0.49cvss 7.5epss 0.03

    The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted…

  • CVE-2017-17084HigDec 1, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.

  • CVE-2017-17083HigDec 1, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.

  • CVE-2017-15193HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.

  • CVE-2017-15192HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.

  • CVE-2017-15191HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.

  • CVE-2017-15190HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.

Page 4 of 37