VYPR

Wireshark

by Wireshark

CVEs (736)

  • CVE-2017-6467 | High | Mar 4, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size.

  • CVE-2017-6014 | High | Feb 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero…

  • CVE-2017-5597 | High | Jan 25, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.

  • CVE-2017-5596 | High | Jan 25, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.

  • CVE-2016-5350 | High | Aug 7, 2016
    risk 0.49 | cvss 7.5 | epss 0.03

    epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

  • CVE-2011-1142 | High | Mar 3, 2011
    risk 0.49 | cvss 7.5 | epss 0.03

    Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values.

  • CVE-2006-4574 | High | Oct 28, 2006
    risk 0.49 | cvss 7.5 | epss 0.04

    Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

  • CVE-2026-5405 | High | May 1, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

  • CVE-2026-5403 | High | May 1, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

  • CVE-2018-5335 | Medium | Jan 11, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.

  • CVE-2018-5334 | Medium | Jan 11, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.

  • CVE-2017-7700 | Medium | Apr 12, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.

  • CVE-2016-6512 | Medium | Aug 6, 2016
    risk 0.42 | cvss 5.9 | epss 0.08

    epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.

  • CVE-2016-6505 | Medium | Aug 6, 2016
    risk 0.42 | cvss 5.9 | epss 0.08

    epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.

  • CVE-2016-6504 | Medium | Aug 6, 2016
    risk 0.42 | cvss 5.9 | epss 0.07

    epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

  • CVE-2016-6503 | Medium | Aug 6, 2016
    risk 0.42 | cvss 5.9 | epss 0.06

    The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

  • CVE-2026-5656 | High | May 1, 2026
    risk 0.39 | cvss 7.0 | epss 0.00

    Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

  • CVE-2016-9372 | Medium | Nov 17, 2016
    risk 0.39 | cvss 5.9 | epss 0.02

    In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.

  • CVE-2016-7180 | Medium | Sep 9, 2016
    risk 0.39 | cvss 5.9 | epss 0.02

    epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

  • CVE-2016-7179 | Medium | Sep 9, 2016
    risk 0.39 | cvss 5.9 | epss 0.03

    Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
