Max CVSS 7.8 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-9431 5.0
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
21-07-2021 - 11:39 27-02-2020 - 23:15
CVE-2019-9209 5.0
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
21-07-2021 - 11:39 28-02-2019 - 04:29
CVE-2020-7044 5.0
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
21-07-2021 - 11:39 16-01-2020 - 04:15
CVE-2020-9428 5.0
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
21-07-2021 - 11:39 27-02-2020 - 23:15
CVE-2019-10895 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
21-07-2021 - 11:39 09-04-2019 - 04:29
CVE-2019-10899 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
21-07-2021 - 11:39 09-04-2019 - 04:29
CVE-2019-16319 7.8
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
11-02-2021 - 14:16 15-09-2019 - 16:15
CVE-2019-13619 5.0
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
10-02-2021 - 20:37 17-07-2019 - 20:15
CVE-2019-19553 5.0
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
10-02-2021 - 20:07 05-12-2019 - 01:15
CVE-2020-9430 5.0
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
09-02-2021 - 18:47 27-02-2020 - 23:15
CVE-2019-10903 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
02-11-2020 - 21:15 09-04-2019 - 04:29
CVE-2019-10896 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
02-11-2020 - 21:15 09-04-2019 - 04:29
CVE-2019-10894 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
02-11-2020 - 21:15 09-04-2019 - 04:29
CVE-2019-10901 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
02-11-2020 - 21:15 09-04-2019 - 04:29
CVE-2018-18225 5.0
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
15-10-2020 - 16:13 12-10-2018 - 06:29
CVE-2018-16057 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
15-10-2020 - 16:13 30-08-2018 - 01:29
CVE-2018-19626 4.3
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.
24-08-2020 - 17:37 29-11-2018 - 04:29
CVE-2019-5719 4.3
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.
24-08-2020 - 17:37 08-01-2019 - 23:29
CVE-2018-16056 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.
24-08-2020 - 17:37 30-08-2018 - 01:29
CVE-2018-16058 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
24-08-2020 - 17:37 30-08-2018 - 01:29
CVE-2018-12086 5.0
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
24-08-2020 - 17:37 14-09-2018 - 21:29
CVE-2019-10898 5.0
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
24-08-2020 - 17:37 09-04-2019 - 04:29
CVE-2019-10897 5.0
In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.
24-08-2020 - 17:37 09-04-2019 - 04:29
CVE-2019-10902 5.0
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
24-08-2020 - 17:37 09-04-2019 - 04:29
CVE-2019-10900 5.0
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
24-08-2020 - 17:37 09-04-2019 - 04:29
CVE-2020-9429 5.0
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
27-07-2020 - 02:15 27-02-2020 - 23:15
CVE-2018-19625 4.3
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2019-5717 4.3
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
20-03-2020 - 01:15 08-01-2019 - 23:29
CVE-2018-19624 4.3
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2018-19628 5.0
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2018-19622 5.0
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2019-5721 4.3
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
20-03-2020 - 01:15 08-01-2019 - 23:29
CVE-2019-5716 4.3
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.
20-03-2020 - 01:15 08-01-2019 - 23:29
CVE-2018-19627 5.0
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2018-19623 5.0
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2018-14369 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-14368 7.8
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-14367 5.0
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-14344 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-14343 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-18226 7.8
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.
20-03-2020 - 01:15 12-10-2018 - 06:29
CVE-2018-14370 5.0
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-18227 5.0
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
20-03-2020 - 01:15 12-10-2018 - 06:29
CVE-2018-14341 7.8
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-14342 7.8
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-14340 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-14339 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
20-03-2020 - 01:15 19-07-2018 - 02:29
CVE-2018-11354 5.0
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
20-03-2020 - 01:15 22-05-2018 - 21:29
CVE-2018-11356 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
20-03-2020 - 01:15 22-05-2018 - 21:29
CVE-2018-11361 5.0
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
20-03-2020 - 01:15 22-05-2018 - 21:29
CVE-2018-11358 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
20-03-2020 - 01:15 22-05-2018 - 21:29
CVE-2018-11360 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
20-03-2020 - 01:15 22-05-2018 - 21:29
CVE-2018-11357 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
20-03-2020 - 01:15 22-05-2018 - 21:29
CVE-2018-11362 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
20-03-2020 - 01:15 22-05-2018 - 21:29
CVE-2018-11355 5.0
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
20-03-2020 - 01:15 22-05-2018 - 21:29
CVE-2018-11359 5.0
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
20-03-2020 - 01:15 22-05-2018 - 21:29
CVE-2019-5718 4.3
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
15-01-2020 - 20:15 08-01-2019 - 23:29
CVE-2019-9214 5.0
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
16-05-2019 - 18:29 28-02-2019 - 04:29
CVE-2019-9208 5.0
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.
16-05-2019 - 18:29 28-02-2019 - 04:29
Back to Top Mark selected
Back to Top