VYPR

Vendor CVEs

Wireshark

All CVEs

736 total · sorted by risk
  • CVE-2008-1563Mar 31, 2008
    risk 0.03cvss epss 0.04

    The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

  • CVE-2020-9428Feb 27, 2020
    risk 0.01cvss epss 0.03

    In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

  • CVE-2019-13619Jul 17, 2019
    risk 0.01cvss epss 0.06

    In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.

  • CVE-2019-10903Apr 9, 2019
    risk 0.01cvss epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

  • CVE-2019-10901Apr 9, 2019
    risk 0.01cvss epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

  • CVE-2019-10899Apr 9, 2019
    risk 0.01cvss epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

  • CVE-2019-10896Apr 9, 2019
    risk 0.01cvss epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.

  • CVE-2019-10895Apr 9, 2019
    risk 0.01cvss epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

  • CVE-2019-10894Apr 9, 2019
    risk 0.01cvss epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

  • CVE-2011-0444Jan 13, 2011
    risk 0.01cvss epss 0.07

    Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.

  • CVE-2010-2995Aug 13, 2010
    risk 0.01cvss epss 0.07

    The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error,…

  • CVE-2009-4376Dec 21, 2009
    risk 0.01cvss epss 0.07

    Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

  • CVE-2007-6115Nov 23, 2007
    risk 0.01cvss epss 0.06

    Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.

  • CVE-2007-6114Nov 23, 2007
    risk 0.01cvss epss 0.06

    Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.

  • CVE-2007-6112Nov 23, 2007
    risk 0.01cvss epss 0.06

    Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

  • CVE-2006-3632Jul 21, 2006
    risk 0.01cvss epss 0.07

    Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.

  • CVE-2026-3203Feb 25, 2026
    risk 0.00cvss epss 0.00

    RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

  • CVE-2026-3202Feb 25, 2026
    risk 0.00cvss epss 0.00

    NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service

  • CVE-2026-3201Feb 25, 2026
    risk 0.00cvss epss 0.00

    USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

  • CVE-2026-0961Jan 14, 2026
    risk 0.00cvss epss 0.00

    BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

  • CVE-2026-0962Jan 14, 2026
    risk 0.00cvss epss 0.00

    SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

  • CVE-2026-0960Jan 14, 2026
    risk 0.00cvss epss 0.00

    HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service

  • CVE-2026-0959Jan 14, 2026
    risk 0.00cvss epss 0.00

    IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

  • CVE-2025-13946Dec 3, 2025
    risk 0.00cvss epss 0.00

    MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

  • CVE-2025-13945Dec 3, 2025
    risk 0.00cvss epss 0.00

    HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

  • CVE-2025-13674Nov 26, 2025
    risk 0.00cvss epss 0.00

    BPv7 dissector crash in Wireshark 4.6.0 allows denial of service

  • CVE-2025-13499Nov 21, 2025
    risk 0.00cvss epss 0.00

    Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service

  • CVE-2025-11626Oct 10, 2025
    risk 0.00cvss epss 0.00

    MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service

  • CVE-2025-9817Sep 3, 2025
    risk 0.00cvss epss 0.00

    SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service

  • CVE-2025-5601Jun 4, 2025
    risk 0.00cvss epss 0.00

    Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

  • CVE-2025-1492Feb 20, 2025
    risk 0.00cvss epss 0.00

    Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

  • CVE-2024-11596Nov 21, 2024
    risk 0.00cvss epss 0.00

    ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

  • CVE-2024-11595Nov 21, 2024
    risk 0.00cvss epss 0.00

    FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

  • CVE-2024-9781Oct 10, 2024
    risk 0.00cvss epss 0.00

    AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

  • CVE-2024-9780Oct 10, 2024
    risk 0.00cvss epss 0.00

    ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file

  • CVE-2024-8645Sep 10, 2024
    risk 0.00cvss epss 0.00

    SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

  • CVE-2024-8250Aug 28, 2024
    risk 0.00cvss epss 0.00

    NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file

  • CVE-2024-4854May 14, 2024
    risk 0.00cvss epss 0.01

    MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

  • CVE-2024-2955Mar 26, 2024
    risk 0.00cvss epss 0.01

    T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file

  • CVE-2023-6175Mar 26, 2024
    risk 0.00cvss epss 0.03

    NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file

  • CVE-2024-24479Feb 21, 2024
    risk 0.00cvss epss 0.01

    A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

  • CVE-2024-24476Feb 21, 2024
    risk 0.00cvss epss 0.01

    A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

  • CVE-2024-24478Feb 21, 2024
    risk 0.00cvss epss 0.01

    An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other…

  • CVE-2024-0211Jan 3, 2024
    risk 0.00cvss epss 0.01

    DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

  • CVE-2024-0210Jan 3, 2024
    risk 0.00cvss epss 0.00

    Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

  • CVE-2024-0209Jan 3, 2024
    risk 0.00cvss epss 0.01

    IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

  • CVE-2024-0208Jan 3, 2024
    risk 0.00cvss epss 0.02

    GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

  • CVE-2024-0207Jan 3, 2024
    risk 0.00cvss epss 0.00

    HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

  • CVE-2023-6174Nov 16, 2023
    risk 0.00cvss epss 0.01

    SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file

  • CVE-2023-5371Oct 4, 2023
    risk 0.00cvss epss 0.00

    RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file

Page 7 of 15