Wireshark

All CVEs

736 total · sorted by risk
  • CVE-2026-6520 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-6519 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5657 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5655 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service

  • CVE-2026-5654 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5653 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5409 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5408 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5407 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5406 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5401 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5299 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-7379 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-7378 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-7376 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-7375 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-6868 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5404 · Med · May 1, 2026
    risk 0.24 · cvss 4.7 · epss 0.00

    K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2010-0304 · Feb 3, 2010
    risk 0.09 · cvss · epss 0.74

    Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the…

  • CVE-2013-4074 · Jun 9, 2013
    risk 0.08 · cvss · epss 0.61

    The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service…

  • CVE-2014-2299 · Mar 11, 2014
    risk 0.07 · cvss · epss 0.47

    Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.

  • CVE-2008-1562 · Mar 31, 2008
    risk 0.07 · cvss · epss 0.51

    The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.

  • CVE-2011-3360 · Sep 20, 2011
    risk 0.06 · cvss · epss 0.36

    Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.

  • CVE-2011-1591 · Apr 29, 2011
    risk 0.06 · cvss · epss 0.42

    Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.

  • CVE-2010-4538 · Jan 7, 2011
    risk 0.05 · cvss · epss 0.29

    Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE)…

  • CVE-2018-19627 · Nov 29, 2018
    risk 0.04 · cvss · epss 0.18

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.

  • CVE-2012-1593 · Apr 11, 2012
    risk 0.04 · cvss · epss 0.11

    epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.

  • CVE-2012-0067 · Apr 11, 2012
    risk 0.04 · cvss · epss 0.07

    wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.

  • CVE-2011-1143 · Mar 3, 2011
    risk 0.04 · cvss · epss 0.09

    epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.

  • CVE-2011-1140 · Mar 3, 2011
    risk 0.04 · cvss · epss 0.13

    Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or…

  • CVE-2011-0538 · Feb 8, 2011
    risk 0.04 · cvss · epss 0.08

    Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a…

  • CVE-2010-4301 · Nov 26, 2010
    risk 0.04 · cvss · epss 0.09

    epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.

  • CVE-2010-4300 · Nov 26, 2010
    risk 0.04 · cvss · epss 0.14

    Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via…

  • CVE-2010-3133 · Aug 26, 2010
    risk 0.04 · cvss · epss 0.09

    Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located…

  • CVE-2009-3243 · Sep 18, 2009
    risk 0.04 · cvss · epss 0.07

    Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.

  • CVE-2009-3242 · Sep 18, 2009
    risk 0.04 · cvss · epss 0.08

    Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.

  • CVE-2009-3241 · Sep 18, 2009
    risk 0.04 · cvss · epss 0.10

    Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.

  • CVE-2009-1210 · Apr 1, 2009
    risk 0.04 · cvss · epss 0.15

    Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party…

  • CVE-2008-4682 · Oct 22, 2008
    risk 0.04 · cvss · epss 0.09

    wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.

  • CVE-2008-1561 · Mar 31, 2008
    risk 0.04 · cvss · epss 0.09

    Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang.

  • CVE-2007-6113 · Nov 23, 2007
    risk 0.04 · cvss · epss 0.07

    Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.

  • CVE-2007-3389 · Jun 26, 2007
    risk 0.04 · cvss · epss 0.16

    Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.

  • CVE-2012-3826 · Jun 30, 2012
    risk 0.03 · cvss · epss 0.03

    Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.

  • CVE-2012-3825 · Jun 30, 2012
    risk 0.03 · cvss · epss 0.03

    Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392.

  • CVE-2012-2394 · Jun 30, 2012
    risk 0.03 · cvss · epss 0.04

    Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo…

  • CVE-2012-2393 · Jun 30, 2012
    risk 0.03 · cvss · epss 0.04

    epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that…

  • CVE-2012-2392 · Jun 30, 2012
    risk 0.03 · cvss · epss 0.03

    Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.

  • CVE-2011-3483 · Sep 20, 2011
    risk 0.03 · cvss · epss 0.06

    Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."

  • CVE-2011-1956 · Jun 6, 2011
    risk 0.03 · cvss · epss 0.06

    The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic.

  • CVE-2008-3140 · Jul 10, 2008
    risk 0.03 · cvss · epss 0.05

    The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."

Page 6 of 15