VYPR
Vendor

Ethereal Group

Products
1
CVEs
137
Across products
137
Status
Private

Products

1

Recent CVEs

137
View all 137 CVEs →
  • CVE-2018-6836CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.03

    The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2003-0356CriJun 9, 2003
    risk 0.64cvss 9.8epss 0.10

    Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and…

  • CVE-2018-14438HigJul 20, 2018
    risk 0.49cvss 7.5epss 0.01

    In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

  • CVE-2017-11409HigJul 18, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.

  • CVE-2016-7958HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.

  • CVE-2016-7957HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.

  • CVE-2004-0365HigMay 4, 2004
    risk 0.49cvss 7.5epss 0.06

    The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.

  • CVE-2003-1013HigJan 5, 2004
    risk 0.49cvss 7.5epss 0.03

    The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

  • CVE-2002-0401HigJun 18, 2002
    risk 0.49cvss 7.5epss 0.06

    SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

  • CVE-2016-4081MedApr 25, 2016
    risk 0.39cvss 5.9epss 0.02

    epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

  • CVE-2004-0176May 4, 2004
    risk 0.08cvss epss 0.67

    Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.

  • CVE-2005-3243Oct 27, 2005
    risk 0.04cvss epss 0.11

    Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector.

  • CVE-2005-1461May 5, 2005
    risk 0.04cvss epss 0.07

    Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explitit, (18) PKIX_Qualified, (19) Presentation dissectors in…

  • CVE-2005-0739May 2, 2005
    risk 0.04cvss epss 0.08

    The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and…

  • CVE-2004-0633Dec 6, 2004
    risk 0.04cvss epss 0.18

    The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

  • CVE-2000-0333May 31, 1999
    risk 0.04cvss epss 0.08

    tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.

  • CVE-2005-2367Aug 10, 2005
    risk 0.03cvss epss 0.06

    Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.

  • CVE-2005-1470May 5, 2005
    risk 0.03cvss epss 0.05

    Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.

  • CVE-2000-1174Jan 9, 2001
    risk 0.03cvss epss 0.06

    Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.

  • CVE-2019-10903Apr 9, 2019
    risk 0.01cvss epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.