Wireshark

All CVEs

736 total · sorted by risk
  • CVE-2021-39922 · Nov 19, 2021
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

  • CVE-2021-39920 · Nov 18, 2021
    risk 0.00 · cvss · epss 0.03

    NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file

  • CVE-2021-39928 · Nov 18, 2021
    risk 0.00 · cvss · epss 0.06

    NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

  • CVE-2021-22235 · Jul 20, 2021
    risk 0.00 · cvss · epss 0.03

    Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file

  • CVE-2021-22222 · Jun 7, 2021
    risk 0.00 · cvss · epss 0.02

    Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file

  • CVE-2021-22207 · Apr 23, 2021
    risk 0.00 · cvss · epss 0.02

    Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file

  • CVE-2021-22191 · Mar 15, 2021
    risk 0.00 · cvss · epss 0.04

    Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.

  • CVE-2021-22173 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.02

    Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

  • CVE-2021-22174 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.03

    Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

  • CVE-2020-26422 · Dec 21, 2020
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

  • CVE-2020-26418 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.03

    Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

  • CVE-2020-26421 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.03

    Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

  • CVE-2020-26420 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.03

    Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

  • CVE-2020-26419 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.03

    Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

  • CVE-2020-28030 · Oct 30, 2020
    risk 0.00 · cvss · epss 0.02

    In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

  • CVE-2020-26575 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.03

    In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

  • CVE-2020-25863 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.05

    In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

  • CVE-2020-25866 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.04

    In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and…

  • CVE-2020-25862 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.02

    In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.

  • CVE-2020-17498 · Aug 13, 2020
    risk 0.00 · cvss · epss 0.03

    In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.

  • CVE-2020-15466 · Jul 5, 2020
    risk 0.00 · cvss · epss 0.03

    In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

  • CVE-2020-13164 · May 19, 2020
    risk 0.00 · cvss · epss 0.03

    In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.

  • CVE-2020-11647 · Apr 10, 2020
    risk 0.00 · cvss · epss 0.03

    In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.

  • CVE-2020-9429 · Feb 27, 2020
    risk 0.00 · cvss · epss 0.02

    In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.

  • CVE-2020-9430 · Feb 27, 2020
    risk 0.00 · cvss · epss 0.03

    In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.

  • CVE-2020-9431 · Feb 27, 2020
    risk 0.00 · cvss · epss 0.03

    In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.

  • CVE-2020-7045 · Jan 16, 2020
    risk 0.00 · cvss · epss 0.01

    In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.

  • CVE-2020-7044 · Jan 16, 2020
    risk 0.00 · cvss · epss 0.03

    In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.

  • CVE-2019-19553 · Dec 5, 2019
    risk 0.00 · cvss · epss 0.04

    In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.

  • CVE-2019-16319 · Sep 15, 2019
    risk 0.00 · cvss · epss 0.04

    In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

  • CVE-2019-12295 · May 23, 2019
    risk 0.00 · cvss · epss 0.04

    In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

  • CVE-2019-10902 · Apr 9, 2019
    risk 0.00 · cvss · epss 0.05

    In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

  • CVE-2019-10900 · Apr 9, 2019
    risk 0.00 · cvss · epss 0.05

    In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.

  • CVE-2019-10898 · Apr 9, 2019
    risk 0.00 · cvss · epss 0.05

    In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.

  • CVE-2019-10897 · Apr 9, 2019
    risk 0.00 · cvss · epss 0.05

    In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.

  • CVE-2019-9209 · Feb 28, 2019
    risk 0.00 · cvss · epss 0.01

    In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

  • CVE-2019-9214 · Feb 28, 2019
    risk 0.00 · cvss · epss 0.04

    In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.

  • CVE-2019-9208 · Feb 28, 2019
    risk 0.00 · cvss · epss 0.04

    In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.

  • CVE-2019-5719 · Jan 8, 2019
    risk 0.00 · cvss · epss 0.01

    In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.

  • CVE-2019-5716 · Jan 8, 2019
    risk 0.00 · cvss · epss 0.01

    In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.

  • CVE-2019-5717 · Jan 8, 2019
    risk 0.00 · cvss · epss 0.01

    In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.

  • CVE-2019-5721 · Jan 8, 2019
    risk 0.00 · cvss · epss 0.01

    In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.

  • CVE-2019-5718 · Jan 8, 2019
    risk 0.00 · cvss · epss 0.01

    In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.

  • CVE-2018-19626 · Nov 29, 2018
    risk 0.00 · cvss · epss 0.01

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.

  • CVE-2018-19622 · Nov 29, 2018
    risk 0.00 · cvss · epss 0.03

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.

  • CVE-2018-19623 · Nov 29, 2018
    risk 0.00 · cvss · epss 0.04

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain…

  • CVE-2018-19624 · Nov 29, 2018
    risk 0.00 · cvss · epss 0.01

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.

  • CVE-2018-19628 · Nov 29, 2018
    risk 0.00 · cvss · epss 0.03

    In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.

  • CVE-2018-19625 · Nov 29, 2018
    risk 0.00 · cvss · epss 0.01

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.

  • CVE-2018-18225 · Oct 12, 2018
    risk 0.00 · cvss · epss 0.03

    In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.

Page 9 of 15