CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Wireshark : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-39929 674 DoS 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
2 CVE-2021-39928 476 DoS 2021-11-18 2021-11-23
5.0
None Remote Low Not required None None Partial
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
3 CVE-2021-39926 120 DoS Overflow 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
4 CVE-2021-39925 120 DoS Overflow 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
5 CVE-2021-39924 834 DoS 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
6 CVE-2021-39923 476 DoS 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
7 CVE-2021-39922 120 DoS Overflow 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
8 CVE-2021-39921 476 DoS 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
9 CVE-2021-39920 476 DoS 2021-11-18 2021-11-23
5.0
None Remote Low Not required None None Partial
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
10 CVE-2021-22235 835 DoS 2021-07-20 2021-07-29
5.0
None Remote Low Not required None None Partial
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
11 CVE-2021-22222 835 DoS 2021-06-07 2021-10-20
5.0
None Remote Low Not required None None Partial
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
12 CVE-2021-22207 89 DoS Sql 2021-04-23 2021-10-20
5.0
None Remote Low Not required None None Partial
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
13 CVE-2021-22191 74 Exec Code 2021-03-15 2021-07-09
6.8
None Remote Medium Not required Partial Partial Partial
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
14 CVE-2021-22174 400 DoS 2021-02-17 2021-07-09
5.0
None Remote Low Not required None None Partial
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
15 CVE-2021-22173 401 DoS 2021-02-17 2021-07-09
5.0
None Remote Low Not required None None Partial
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
16 CVE-2020-28030 400 2020-11-02 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
17 CVE-2020-26575 835 2020-10-06 2021-02-11
5.0
None Remote Low Not required None None Partial
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
18 CVE-2020-26422 120 DoS Overflow 2020-12-21 2021-06-14
5.0
None Remote Low Not required None None Partial
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
19 CVE-2020-26421 125 DoS 2020-12-11 2021-06-14
5.0
None Remote Low Not required None None Partial
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
20 CVE-2020-26420 401 DoS 2020-12-11 2021-06-14
5.0
None Remote Low Not required None None Partial
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
21 CVE-2020-26419 401 DoS 2020-12-11 2021-06-14
5.0
None Remote Low Not required None None Partial
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
22 CVE-2020-26418 401 DoS 2020-12-11 2021-06-14
5.0
None Remote Low Not required None None Partial
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
23 CVE-2020-25866 476 2020-10-06 2021-01-20
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
24 CVE-2020-25863 2020-10-06 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
25 CVE-2020-25862 354 2020-10-06 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
26 CVE-2020-17498 415 2020-08-13 2021-01-20
4.3
None Remote Medium Not required None None Partial
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
27 CVE-2020-15466 835 2020-07-05 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
28 CVE-2020-13164 400 2020-05-19 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
29 CVE-2020-11647 74 2020-04-10 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
30 CVE-2020-9431 400 2020-02-27 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
31 CVE-2020-9430 20 2020-02-27 2021-02-09
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
32 CVE-2020-9429 476 2020-02-27 2020-07-27
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
33 CVE-2020-9428 74 2020-02-27 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
34 CVE-2020-7045 74 2020-01-16 2021-07-21
3.3
None Local Network Low Not required None None Partial
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.
35 CVE-2020-7044 74 2020-01-16 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
36 CVE-2019-19553 909 2019-12-05 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
37 CVE-2019-16319 835 2019-09-15 2021-02-11
7.8
None Remote Low Not required None None Complete
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
38 CVE-2019-13619 119 Overflow 2019-07-17 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
39 CVE-2019-12295 94 2019-05-23 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
40 CVE-2019-10903 125 2019-04-09 2020-11-02
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
41 CVE-2019-10902 252 2019-04-09 2020-08-24
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
42 CVE-2019-10901 476 2019-04-09 2020-11-02
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
43 CVE-2019-10900 835 2019-04-09 2020-08-24
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
44 CVE-2019-10899 119 Overflow 2019-04-09 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
45 CVE-2019-10898 835 2019-04-09 2020-08-24
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
46 CVE-2019-10897 835 2019-04-09 2020-08-24
5.0
None Remote Low Not required None None Partial
In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.
47 CVE-2019-10896 787 2019-04-09 2020-11-02
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
48 CVE-2019-10895 20 2019-04-09 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
49 CVE-2019-10894 617 2019-04-09 2020-11-02
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
50 CVE-2019-9214 476 2019-02-28 2019-05-16
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
Total number of vulnerabilities : 606   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.