Filtered by vendor Wireshark
Subscribe
Total
647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4418 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. | |||||
CVE-2015-6242 | 2 Oracle, Wireshark | 2 Solaris, Wireshark | 2024-02-04 | 4.3 MEDIUM | N/A |
The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. | |||||
CVE-2016-2532 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. | |||||
CVE-2015-3906 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 5.0 MEDIUM | N/A |
The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. | |||||
CVE-2016-5359 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. | |||||
CVE-2016-5356 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2016-7177 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. | |||||
CVE-2015-8726 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. | |||||
CVE-2015-6243 | 2 Oracle, Wireshark | 3 Linux, Solaris, Wireshark | 2024-02-04 | 4.3 MEDIUM | N/A |
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. | |||||
CVE-2015-8741 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2016-2529 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. | |||||
CVE-2016-6508 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. | |||||
CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. | |||||
CVE-2016-5358 | 2 Oracle, Wireshark | 2 Solaris, Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2016-4415 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. | |||||
CVE-2015-3809 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 7.8 HIGH | N/A |
The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
CVE-2015-8737 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | |||||
CVE-2015-4651 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2024-02-04 | 5.0 MEDIUM | N/A |
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2015-8720 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2015-8740 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. |