Vulnerabilities (CVE)

Filtered by vendor Wireshark Subscribe
Total 673 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7830 2 Oracle, Wireshark 2 Solaris, Wireshark 2025-04-12 4.3 MEDIUM N/A
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.
CVE-2016-9375 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
CVE-2016-6504 1 Wireshark 1 Wireshark 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
CVE-2016-2524 1 Wireshark 1 Wireshark 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2015-0559 2 Opensuse, Wireshark 2 Opensuse, Wireshark 2025-04-12 5.0 MEDIUM N/A
Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
CVE-2016-6512 1 Wireshark 1 Wireshark 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.
CVE-2014-2299 1 Wireshark 1 Wireshark 2025-04-12 9.3 HIGH N/A
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
CVE-2016-2521 1 Wireshark 1 Wireshark 2025-04-12 7.2 HIGH 7.8 HIGH
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
CVE-2015-8737 1 Wireshark 1 Wireshark 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
CVE-2014-8712 1 Wireshark 1 Wireshark 2025-04-12 5.0 MEDIUM N/A
The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-5356 1 Wireshark 1 Wireshark 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-2532 1 Wireshark 1 Wireshark 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
CVE-2016-5357 2 Oracle, Wireshark 2 Solaris, Wireshark 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-7179 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2014-6431 1 Wireshark 1 Wireshark 2025-04-12 5.0 MEDIUM N/A
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.
CVE-2014-4174 1 Wireshark 1 Wireshark 2025-04-12 9.3 HIGH N/A
wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.
CVE-2015-3810 1 Wireshark 1 Wireshark 2025-04-12 7.8 HIGH N/A
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.
CVE-2014-8710 1 Wireshark 1 Wireshark 2025-04-12 5.0 MEDIUM N/A
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
CVE-2014-6422 1 Wireshark 1 Wireshark 2025-04-12 5.0 MEDIUM N/A
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
CVE-2014-5161 1 Wireshark 1 Wireshark 2025-04-12 5.0 MEDIUM N/A
The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.