Vulnerabilities (CVE)

Filtered by vendor Wireshark Subscribe
Filtered by product Wireshark
Total 650 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13619 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
CVE-2019-10896 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
CVE-2019-10894 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
CVE-2019-10903 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
CVE-2019-12295 4 Canonical, Debian, F5 and 1 more 16 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 13 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
CVE-2019-16319 3 Debian, Opensuse, Wireshark 3 Debian Linux, Leap, Wireshark 2024-02-04 7.8 HIGH 7.5 HIGH
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
CVE-2019-10895 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
CVE-2019-10900 2 Fedoraproject, Wireshark 2 Fedora, Wireshark 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
CVE-2019-10898 2 Fedoraproject, Wireshark 2 Fedora, Wireshark 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
CVE-2018-14369 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
CVE-2019-5718 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
CVE-2018-14343 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
CVE-2018-19624 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
CVE-2018-14367 1 Wireshark 1 Wireshark 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
CVE-2019-5717 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
CVE-2018-19627 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
CVE-2018-14342 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-04 7.8 HIGH 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
CVE-2018-19628 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
CVE-2018-14344 1 Wireshark 1 Wireshark 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
CVE-2018-16056 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.