Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-16057 | 5.0 |
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
|
15-10-2020 - 16:13 | 30-08-2018 - 01:29 | |
CVE-2018-7417 | 5.0 |
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
|
24-08-2020 - 17:37 | 23-02-2018 - 22:29 | |
CVE-2018-19626 | 4.3 |
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.
|
24-08-2020 - 17:37 | 29-11-2018 - 04:29 | |
CVE-2018-7420 | 5.0 |
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.
|
24-08-2020 - 17:37 | 23-02-2018 - 22:29 | |
CVE-2018-7323 | 5.0 |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.
|
24-08-2020 - 17:37 | 23-02-2018 - 22:29 | |
CVE-2018-7418 | 5.0 |
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
|
24-08-2020 - 17:37 | 23-02-2018 - 22:29 | |
CVE-2018-7336 | 5.0 |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer.
|
24-08-2020 - 17:37 | 23-02-2018 - 22:29 | |
CVE-2018-16058 | 5.0 |
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
|
24-08-2020 - 17:37 | 30-08-2018 - 01:29 | |
CVE-2018-19625 | 4.3 |
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
|
20-03-2020 - 01:15 | 29-11-2018 - 04:29 | |
CVE-2018-19624 | 4.3 |
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
|
20-03-2020 - 01:15 | 29-11-2018 - 04:29 | |
CVE-2018-19622 | 5.0 |
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
|
20-03-2020 - 01:15 | 29-11-2018 - 04:29 | |
CVE-2018-19623 | 5.0 |
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.
|
20-03-2020 - 01:15 | 29-11-2018 - 04:29 | |
CVE-2018-11356 | 5.0 |
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
|
20-03-2020 - 01:15 | 22-05-2018 - 21:29 | |
CVE-2018-11357 | 5.0 |
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
|
20-03-2020 - 01:15 | 22-05-2018 - 21:29 | |
CVE-2018-11359 | 5.0 |
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
|
20-03-2020 - 01:15 | 22-05-2018 - 21:29 | |
CVE-2018-7322 | 5.0 |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound.
|
03-10-2019 - 00:03 | 23-02-2018 - 22:29 | |
CVE-2018-9270 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
|
03-10-2019 - 00:03 | 04-04-2018 - 07:29 | |
CVE-2017-7700 | 7.1 |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.
|
03-10-2019 - 00:03 | 12-04-2017 - 23:59 | |
CVE-2018-9267 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.
|
03-10-2019 - 00:03 | 04-04-2018 - 07:29 | |
CVE-2018-7331 | 5.0 |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length.
|
03-10-2019 - 00:03 | 23-02-2018 - 22:29 | |
CVE-2018-9263 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
|
03-10-2019 - 00:03 | 04-04-2018 - 07:29 | |
CVE-2017-7746 | 5.0 |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining leng
|
03-10-2019 - 00:03 | 12-04-2017 - 23:59 | |
CVE-2018-9269 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
|
03-10-2019 - 00:03 | 04-04-2018 - 07:29 | |
CVE-2018-7324 | 5.0 |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.
|
03-10-2019 - 00:03 | 23-02-2018 - 22:29 | |
CVE-2018-9265 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
|
03-10-2019 - 00:03 | 04-04-2018 - 07:29 | |
CVE-2018-9268 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
|
03-10-2019 - 00:03 | 04-04-2018 - 07:29 | |
CVE-2017-9766 | 5.0 |
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
|
03-10-2019 - 00:03 | 21-06-2017 - 07:29 | |
CVE-2018-7325 | 5.0 |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field.
|
03-10-2019 - 00:03 | 23-02-2018 - 22:29 | |
CVE-2017-17935 | 5.0 |
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that
|
03-10-2019 - 00:03 | 27-12-2017 - 17:08 | |
CVE-2017-13765 | 5.0 |
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
|
03-10-2019 - 00:03 | 30-08-2017 - 09:29 | |
CVE-2017-11406 | 7.8 |
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
|
03-10-2019 - 00:03 | 18-07-2017 - 21:29 | |
CVE-2017-11409 | 7.8 |
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
|
03-10-2019 - 00:03 | 18-07-2017 - 21:29 | |
CVE-2017-17997 | 5.0 |
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.
|
01-03-2019 - 18:19 | 30-12-2017 - 07:29 | |
CVE-2017-15191 | 5.0 |
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
|
01-03-2019 - 18:12 | 10-10-2017 - 21:29 | |
CVE-2017-11407 | 5.0 |
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
|
01-03-2019 - 18:06 | 18-07-2017 - 21:29 | |
CVE-2017-7747 | 5.0 |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.
|
01-03-2019 - 13:54 | 12-04-2017 - 23:59 | |
CVE-2017-7703 | 5.0 |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.
|
01-03-2019 - 12:45 | 12-04-2017 - 23:59 | |
CVE-2018-9260 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.
|
27-02-2019 - 17:16 | 04-04-2018 - 07:29 | |
CVE-2018-9259 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.
|
27-02-2019 - 17:16 | 04-04-2018 - 07:29 | |
CVE-2018-9256 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.
|
27-02-2019 - 17:14 | 04-04-2018 - 07:29 | |
CVE-2018-9262 | 5.0 |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.
|
27-02-2019 - 13:59 | 04-04-2018 - 07:29 |