http://open-source-security-software.net/project/wireshark/cves.atom 2026-06-13T04:04:47.000669+00:00 python-feedgen CVE-2023-0668 2023-06-07T03:15:00+00:00 Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. 2023-06-07T03:15:00+00:00 CVE-2023-0667 2023-06-07T03:15:00+00:00 Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark 2023-06-07T03:15:00+00:00 CVE-2023-0666 2023-06-07T03:15:00+00:00 Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. 2023-06-07T03:15:00+00:00 CVE-2023-2952 2023-05-30T23:15:00+00:00 XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file 2023-05-30T23:15:00+00:00 CVE-2023-2856 2023-05-26T21:15:00+00:00 VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2854 2023-05-26T21:15:00+00:00 BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2857 2023-05-26T21:15:00+00:00 BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2855 2023-05-26T21:15:00+00:00 Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2858 2023-05-26T21:15:00+00:00 NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-2879 2023-05-26T21:15:00+00:00 GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file 2023-05-26T21:15:00+00:00 CVE-2023-1992 2023-04-12T21:15:00+00:00 RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file 2023-04-12T21:15:00+00:00 CVE-2023-1994 2023-04-12T22:15:00+00:00 GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file 2023-04-12T22:15:00+00:00 CVE-2023-1993 2023-04-12T21:15:00+00:00 LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file 2023-04-12T21:15:00+00:00 CVE-2023-1161 2023-03-06T21:15:00+00:00 ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file 2023-03-06T21:15:00+00:00 CVE-2023-0412 2023-01-26T21:18:00+00:00 TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file 2023-01-26T21:18:00+00:00 CVE-2007-6438 2007-12-19T22:46:00+00:00 Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. 2007-12-19T22:46:00+00:00 CVE-2007-6439 2007-12-19T22:46:00+00:00 Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119. 2007-12-19T22:46:00+00:00 CVE-2009-3550 2009-10-30T20:30:00+00:00 The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. 2009-10-30T20:30:00+00:00 CVE-2009-3551 2009-10-30T20:30:00+00:00 Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. 2009-10-30T20:30:00+00:00 CVE-2022-4345 2023-01-12T04:15:00+00:00 Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file 2023-01-12T04:15:00+00:00 CVE-2022-4344 2023-01-12T00:15:00+00:00 Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file 2023-01-12T00:15:00+00:00 CVE-2022-3724 2022-12-09T18:15:00+00:00 Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows 2022-12-09T18:15:00+00:00 CVE-2022-3725 2022-10-27T17:15:00+00:00 Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file 2022-10-27T17:15:00+00:00 CVE-2022-3190 2022-09-13T15:15:00+00:00 Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file 2022-09-13T15:15:00+00:00 CVE-2022-0585 2022-02-18T18:15:00+00:00 Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file 2022-02-18T18:15:00+00:00 CVE-2022-0581 2022-02-14T22:15:00+00:00 Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 2022-02-14T22:15:00+00:00 CVE-2022-0582 2022-02-14T22:15:00+00:00 Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 2022-02-14T22:15:00+00:00 CVE-2022-0583 2022-02-14T22:15:00+00:00 Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 2022-02-14T22:15:00+00:00 CVE-2022-0586 2022-02-14T22:15:00+00:00 Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 2022-02-14T22:15:00+00:00 CVE-2021-4185 2021-12-30T22:15:00+00:00 Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4186 2021-12-30T22:15:00+00:00 Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4190 2021-12-30T22:15:00+00:00 Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4183 2021-12-30T22:15:00+00:00 Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4182 2021-12-30T22:15:00+00:00 Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4181 2021-12-30T22:15:00+00:00 Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-4184 2021-12-30T22:15:00+00:00 Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file 2021-12-30T22:15:00+00:00 CVE-2021-39923 2021-11-19T17:15:00+00:00 Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39923 2021-11-19T17:15:00+00:00 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39929 2021-11-19T17:15:00+00:00 Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39924 2021-11-19T17:15:00+00:00 Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39922 2021-11-19T17:15:00+00:00 Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39925 2021-11-19T17:15:00+00:00 Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39926 2021-11-19T17:15:00+00:00 Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39921 2021-11-19T17:15:00+00:00 NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-19T17:15:00+00:00 CVE-2021-39920 2021-11-18T19:15:00+00:00 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 2021-11-18T19:15:00+00:00 CVE-2021-39928 2021-11-18T19:15:00+00:00 NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 2021-11-18T19:15:00+00:00 CVE-2021-22235 2021-07-20T12:15:00+00:00 Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file 2021-07-20T12:15:00+00:00 CVE-2017-5596 2017-01-25T21:59:00+00:00 In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. 2017-01-25T21:59:00+00:00 CVE-2016-4084 2016-04-25T10:59:00+00:00 Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. 2016-04-25T10:59:00+00:00 CVE-2016-4077 2016-04-25T10:59:00+00:00 epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. 2016-04-25T10:59:00+00:00 CVE-2014-6421 2014-09-20T10:55:00+00:00 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. 2014-09-20T10:55:00+00:00 CVE-2011-4101 2011-11-03T15:55:00+00:00 The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. 2011-11-03T15:55:00+00:00 CVE-2013-4936 2013-07-30T00:56:00+00:00 The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2011-3360 2011-09-20T10:55:00+00:00 Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. 2011-09-20T10:55:00+00:00 CVE-2014-2283 2014-03-11T13:01:00+00:00 epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. 2014-03-11T13:01:00+00:00 CVE-2010-3133 2010-08-26T18:36:00+00:00 Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. 2010-08-26T18:36:00+00:00 CVE-2010-2285 2010-06-15T14:04:00+00:00 The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. 2010-06-15T14:04:00+00:00 CVE-2011-1958 2011-06-06T19:55:00+00:00 Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. 2011-06-06T19:55:00+00:00 CVE-2006-4805 2006-10-27T23:07:00+00:00 epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. 2006-10-27T23:07:00+00:00 CVE-2010-2283 2010-06-15T14:04:00+00:00 The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. 2010-06-15T14:04:00+00:00 CVE-2006-3628 2006-07-21T14:03:00+00:00 Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. 2006-07-21T14:03:00+00:00 CVE-2012-1593 2012-04-11T10:39:00+00:00 epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. 2012-04-11T10:39:00+00:00 CVE-2006-3631 2006-07-21T14:03:00+00:00 Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. 2006-07-21T14:03:00+00:00 CVE-2011-1956 2011-06-06T19:55:00+00:00 The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. 2011-06-06T19:55:00+00:00 CVE-2006-3627 2006-07-21T14:03:00+00:00 Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors. 2006-07-21T14:03:00+00:00 CVE-2011-1143 2011-03-03T01:00:00+00:00 epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. 2011-03-03T01:00:00+00:00 CVE-2015-0562 2015-01-10T02:59:00+00:00 Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. 2015-01-10T02:59:00+00:00 CVE-2009-0601 2009-02-16T20:30:00+00:00 Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. 2009-02-16T20:30:00+00:00 CVE-2012-0042 2012-04-11T10:39:00+00:00 Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. 2012-04-11T10:39:00+00:00 CVE-2015-0559 2015-01-10T02:59:00+00:00 Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. 2015-01-10T02:59:00+00:00 CVE-2021-22222 2021-06-07T13:15:00+00:00 Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file 2021-06-07T13:15:00+00:00 CVE-2021-22207 2021-04-23T18:15:00+00:00 Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file 2021-04-23T18:15:00+00:00 CVE-2021-22191 2021-03-15T18:15:00+00:00 Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. 2021-03-15T18:15:00+00:00 CVE-2021-22174 2021-02-17T15:15:00+00:00 Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 2021-02-17T15:15:00+00:00 CVE-2021-22173 2021-02-17T15:15:00+00:00 Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 2021-02-17T15:15:00+00:00 CVE-2018-7332 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. 2018-02-23T22:29:00+00:00 CVE-2018-7321 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. 2018-02-23T22:29:00+00:00 CVE-2018-9261 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. 2018-04-04T07:29:00+00:00 CVE-2020-9428 2020-02-27T23:15:00+00:00 In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. 2020-02-27T23:15:00+00:00 CVE-2018-9270 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2018-7417 2018-02-23T22:29:00+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. 2018-02-23T22:29:00+00:00 CVE-2018-7337 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. 2018-02-23T22:29:00+00:00 CVE-2018-7328 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. 2018-02-23T22:29:00+00:00 CVE-2018-9263 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. 2018-04-04T07:29:00+00:00 CVE-2019-5719 2019-01-08T23:29:00+00:00 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. 2019-01-08T23:29:00+00:00 CVE-2019-5721 2019-01-08T23:29:00+00:00 In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. 2019-01-08T23:29:00+00:00 CVE-2018-9266 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2018-7327 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. 2018-02-23T22:29:00+00:00 CVE-2020-9430 2020-02-27T23:15:00+00:00 In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. 2020-02-27T23:15:00+00:00 CVE-2019-9209 2019-02-28T04:29:00+00:00 In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. 2019-02-28T04:29:00+00:00 CVE-2019-9214 2019-02-28T04:29:00+00:00 In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. 2019-02-28T04:29:00+00:00 CVE-2018-9269 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2018-9272 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2018-9258 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. 2018-04-04T07:29:00+00:00 CVE-2018-9262 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. 2018-04-04T07:29:00+00:00 CVE-2018-7323 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. 2018-02-23T22:29:00+00:00 CVE-2018-7330 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. 2018-02-23T22:29:00+00:00 CVE-2018-7335 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. 2018-02-23T22:29:00+00:00 CVE-2018-7325 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. 2018-02-23T22:29:00+00:00 CVE-2018-7418 2018-02-23T22:29:00+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. 2018-02-23T22:29:00+00:00 CVE-2019-9208 2019-02-28T04:29:00+00:00 In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. 2019-02-28T04:29:00+00:00 CVE-2018-6836 2018-02-08T07:29:00+00:00 The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-02-08T07:29:00+00:00 CVE-2018-9273 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2018-9274 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2018-9259 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. 2018-04-04T07:29:00+00:00 CVE-2018-7329 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. 2018-02-23T22:29:00+00:00 CVE-2018-7322 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. 2018-02-23T22:29:00+00:00 CVE-2020-7045 2020-01-16T04:15:00+00:00 In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes. 2020-01-16T04:15:00+00:00 CVE-2018-9268 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2020-9431 2020-02-27T23:15:00+00:00 In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. 2020-02-27T23:15:00+00:00 CVE-2018-7336 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. 2018-02-23T22:29:00+00:00 CVE-2018-7326 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. 2018-02-23T22:29:00+00:00 CVE-2018-7421 2018-02-23T22:29:00+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. 2018-02-23T22:29:00+00:00 CVE-2018-7419 2018-02-23T22:29:00+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. 2018-02-23T22:29:00+00:00 CVE-2018-7333 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. 2018-02-23T22:29:00+00:00 CVE-2020-7044 2020-01-16T04:15:00+00:00 In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. 2020-01-16T04:15:00+00:00 CVE-2018-9271 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2018-9256 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. 2018-04-04T07:29:00+00:00 CVE-2017-9350 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. 2017-06-02T05:29:00+00:00 CVE-2017-9344 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. 2017-06-02T05:29:00+00:00 CVE-2018-9264 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. 2018-04-04T07:29:00+00:00 CVE-2017-9617 2017-06-14T20:29:00+00:00 In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. 2017-06-14T20:29:00+00:00 CVE-2017-9352 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. 2017-06-02T05:29:00+00:00 CVE-2017-9349 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. 2017-06-02T05:29:00+00:00 CVE-2019-19553 2019-12-05T01:15:00+00:00 In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. 2019-12-05T01:15:00+00:00 CVE-2019-5717 2019-01-08T23:29:00+00:00 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. 2019-01-08T23:29:00+00:00 CVE-2018-9267 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2018-5334 2018-01-11T21:29:00+00:00 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. 2018-01-11T21:29:00+00:00 CVE-2018-5336 2018-01-11T21:29:00+00:00 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. 2018-01-11T21:29:00+00:00 CVE-2019-5716 2019-01-08T23:29:00+00:00 In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. 2019-01-08T23:29:00+00:00 CVE-2018-9260 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. 2018-04-04T07:29:00+00:00 CVE-2018-7334 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. 2018-02-23T22:29:00+00:00 CVE-2018-7324 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. 2018-02-23T22:29:00+00:00 CVE-2018-5335 2018-01-11T21:29:00+00:00 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. 2018-01-11T21:29:00+00:00 CVE-2019-5718 2019-01-08T23:29:00+00:00 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. 2019-01-08T23:29:00+00:00 CVE-2017-7747 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. 2017-04-12T23:59:00+00:00 CVE-2017-7745 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. 2017-04-12T23:59:00+00:00 CVE-2017-7702 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. 2017-04-12T23:59:00+00:00 CVE-2018-9257 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. 2018-04-04T07:29:00+00:00 CVE-2017-9345 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. 2017-06-02T05:29:00+00:00 CVE-2017-7705 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. 2017-04-12T23:59:00+00:00 CVE-2017-7700 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. 2017-04-12T23:59:00+00:00 CVE-2017-9353 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. 2017-06-02T05:29:00+00:00 CVE-2017-9354 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. 2017-06-02T05:29:00+00:00 CVE-2017-9351 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. 2017-06-02T05:29:00+00:00 CVE-2017-9346 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. 2017-06-02T05:29:00+00:00 CVE-2017-9343 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. 2017-06-02T05:29:00+00:00 CVE-2018-7420 2018-02-23T22:29:00+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. 2018-02-23T22:29:00+00:00 CVE-2018-7331 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. 2018-02-23T22:29:00+00:00 CVE-2018-7320 2018-02-23T22:29:00+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. 2018-02-23T22:29:00+00:00 CVE-2018-9265 2018-04-04T07:29:00+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. 2018-04-04T07:29:00+00:00 CVE-2017-9347 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. 2017-06-02T05:29:00+00:00 CVE-2020-9429 2020-02-27T23:15:00+00:00 In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value. 2020-02-27T23:15:00+00:00 CVE-2017-9616 2017-06-14T20:29:00+00:00 In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. 2017-06-14T20:29:00+00:00 CVE-2017-9348 2017-06-02T05:29:00+00:00 In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. 2017-06-02T05:29:00+00:00 CVE-2017-7703 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. 2017-04-12T23:59:00+00:00 CVE-2018-19627 2018-11-29T04:29:00+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. 2018-11-29T04:29:00+00:00 CVE-2017-6470 2017-03-04T03:59:00+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. 2017-03-04T03:59:00+00:00 CVE-2017-7704 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. 2017-04-12T23:59:00+00:00 CVE-2017-7746 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. 2017-04-12T23:59:00+00:00 CVE-2017-9766 2017-06-21T07:29:00+00:00 In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. 2017-06-21T07:29:00+00:00 CVE-2017-7748 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. 2017-04-12T23:59:00+00:00 CVE-2017-7701 2017-04-12T23:59:00+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. 2017-04-12T23:59:00+00:00 CVE-2018-19625 2018-11-29T04:29:00+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. 2018-11-29T04:29:00+00:00 CVE-2018-19622 2018-11-29T04:29:00+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. 2018-11-29T04:29:00+00:00 CVE-2017-6468 2017-03-04T03:59:00+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. 2017-03-04T03:59:00+00:00 CVE-2018-19626 2018-11-29T04:29:00+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. 2018-11-29T04:29:00+00:00 CVE-2018-19624 2018-11-29T04:29:00+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. 2018-11-29T04:29:00+00:00 CVE-2017-6474 2017-03-04T03:59:00+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. 2017-03-04T03:59:00+00:00 CVE-2017-6469 2017-03-04T03:59:00+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. 2017-03-04T03:59:00+00:00 CVE-2018-19628 2018-11-29T04:29:00+00:00 In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. 2018-11-29T04:29:00+00:00 CVE-2018-19623 2018-11-29T04:29:00+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. 2018-11-29T04:29:00+00:00 CVE-2017-5596 2017-01-25T21:59:00+00:00 In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. <a href="http://cwe.mitre.org/data/definitions/835.html">CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')</a> 2017-01-25T21:59:00+00:00 CVE-2017-6472 2017-03-04T03:59:00+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. 2017-03-04T03:59:00+00:00 CVE-2017-5597 2017-01-25T21:59:00+00:00 In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. 2017-01-25T21:59:00+00:00 CVE-2018-18225 2018-10-12T06:29:00+00:00 In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. 2018-10-12T06:29:00+00:00 CVE-2018-18227 2018-10-12T06:29:00+00:00 In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. 2018-10-12T06:29:00+00:00 CVE-2017-6471 2017-03-04T03:59:00+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. 2017-03-04T03:59:00+00:00 CVE-2017-6467 2017-03-04T03:59:00+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. 2017-03-04T03:59:00+00:00 CVE-2017-6014 2017-02-17T07:59:00+00:00 In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. 2017-02-17T07:59:00+00:00 CVE-2018-18226 2018-10-12T06:29:00+00:00 In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. 2018-10-12T06:29:00+00:00 CVE-2016-9376 2016-11-17T05:59:00+00:00 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. 2016-11-17T05:59:00+00:00 CVE-2016-9374 2016-11-17T05:59:00+00:00 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. 2016-11-17T05:59:00+00:00 CVE-2019-16319 2019-09-15T16:15:00+00:00 In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. 2019-09-15T16:15:00+00:00 CVE-2020-28030 2020-11-02T21:15:00+00:00 In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. 2020-11-02T21:15:00+00:00 CVE-2016-9372 2016-11-17T05:59:00+00:00 In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. 2016-11-17T05:59:00+00:00 CVE-2020-26419 2020-12-11T19:15:00+00:00 Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2016-7957 2017-04-12T10:59:00+00:00 In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. 2017-04-12T10:59:00+00:00 CVE-2020-25862 2020-10-06T15:15:00+00:00 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. 2020-10-06T15:15:00+00:00 CVE-2018-16058 2018-08-30T01:29:00+00:00 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. 2018-08-30T01:29:00+00:00 CVE-2020-26420 2020-12-11T19:15:00+00:00 Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2016-7178 2016-09-09T10:59:00+00:00 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. 2016-09-09T10:59:00+00:00 CVE-2016-6504 2016-08-06T23:59:00+00:00 epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2016-7176 2016-09-09T10:59:00+00:00 epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. 2016-09-09T10:59:00+00:00 CVE-2020-25863 2020-10-06T15:15:00+00:00 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. 2020-10-06T15:15:00+00:00 CVE-2018-16056 2018-08-30T01:29:00+00:00 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. 2018-08-30T01:29:00+00:00 CVE-2020-26421 2020-12-11T19:15:00+00:00 Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-26575 2020-10-06T15:15:00+00:00 In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. 2020-10-06T15:15:00+00:00 CVE-2020-26418 2020-12-11T19:15:00+00:00 Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. 2020-12-11T19:15:00+00:00 CVE-2020-25866 2020-10-06T15:15:00+00:00 In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. 2020-10-06T15:15:00+00:00 CVE-2016-6511 2016-08-06T23:59:00+00:00 epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2016-9375 2016-11-17T05:59:00+00:00 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. 2016-11-17T05:59:00+00:00 CVE-2016-9373 2016-11-17T05:59:00+00:00 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. 2016-11-17T05:59:00+00:00 CVE-2015-8741 2016-01-04T05:59:00+00:00 The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8732 2016-01-04T05:59:00+00:00 The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8715 2016-01-04T05:59:00+00:00 epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2016-7958 2017-04-12T10:59:00+00:00 In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. 2017-04-12T10:59:00+00:00 CVE-2020-26422 2020-12-21T18:15:00+00:00 Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file 2020-12-21T18:15:00+00:00 CVE-2015-8733 2016-01-04T05:59:00+00:00 The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. 2016-01-04T05:59:00+00:00 CVE-2015-8726 2016-01-04T05:59:00+00:00 wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. 2016-01-04T05:59:00+00:00 CVE-2016-5350 2016-08-07T16:59:00+00:00 epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-07T16:59:00+00:00 CVE-2015-8736 2016-01-04T05:59:00+00:00 The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. 2016-01-04T05:59:00+00:00 CVE-2015-8724 2016-01-04T05:59:00+00:00 The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2016-6508 2016-08-06T23:59:00+00:00 epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2016-6510 2016-08-06T23:59:00+00:00 Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2016-6503 2016-08-06T23:59:00+00:00 The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2016-7175 2016-09-09T10:59:00+00:00 epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-09-09T10:59:00+00:00 CVE-2016-7179 2016-09-09T10:59:00+00:00 Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-09-09T10:59:00+00:00 CVE-2015-8719 2016-01-04T05:59:00+00:00 The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8711 2016-01-04T05:59:00+00:00 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2018-16057 2018-08-30T01:29:00+00:00 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. 2018-08-30T01:29:00+00:00 CVE-2015-8722 2016-01-04T05:59:00+00:00 epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8713 2016-01-04T05:59:00+00:00 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2020-17498 2020-08-13T16:15:00+00:00 In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. 2020-08-13T16:15:00+00:00 CVE-2015-8727 2016-01-04T05:59:00+00:00 The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8720 2016-01-04T05:59:00+00:00 The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8717 2016-01-04T05:59:00+00:00 The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2016-5353 2016-08-07T16:59:00+00:00 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T16:59:00+00:00 CVE-2016-6506 2016-08-06T23:59:00+00:00 epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2018-14370 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. 2018-07-19T02:29:00+00:00 CVE-2015-8742 2016-01-04T05:59:00+00:00 The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2016-5357 2016-08-07T16:59:00+00:00 wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2016-08-07T16:59:00+00:00 CVE-2016-6512 2016-08-06T23:59:00+00:00 epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. 2016-08-06T23:59:00+00:00 CVE-2015-8734 2016-01-04T05:59:00+00:00 The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8728 2016-01-04T05:59:00+00:00 The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8740 2016-01-04T05:59:00+00:00 The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8718 2016-01-04T05:59:00+00:00 Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2016-6509 2016-08-06T23:59:00+00:00 epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2016-6507 2016-08-06T23:59:00+00:00 epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2018-14340 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. 2018-07-19T02:29:00+00:00 CVE-2016-5358 2016-08-07T16:59:00+00:00 epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T16:59:00+00:00 CVE-2015-8737 2016-01-04T05:59:00+00:00 The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. 2016-01-04T05:59:00+00:00 CVE-2015-8729 2016-01-04T05:59:00+00:00 The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. 2016-01-04T05:59:00+00:00 CVE-2015-8721 2016-01-04T05:59:00+00:00 Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. 2016-01-04T05:59:00+00:00 CVE-2015-8712 2016-01-04T05:59:00+00:00 The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2016-5359 2016-08-07T16:59:00+00:00 epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. 2016-08-07T16:59:00+00:00 CVE-2016-5355 2016-08-07T16:59:00+00:00 wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2016-08-07T16:59:00+00:00 CVE-2016-5352 2016-08-07T16:59:00+00:00 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T16:59:00+00:00 CVE-2016-5351 2016-08-07T16:59:00+00:00 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T16:59:00+00:00 CVE-2015-8735 2016-01-04T05:59:00+00:00 The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2018-14438 2018-07-20T00:29:00+00:00 In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. 2018-07-20T00:29:00+00:00 CVE-2015-8716 2016-01-04T05:59:00+00:00 The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2016-5354 2016-08-07T16:59:00+00:00 The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T16:59:00+00:00 CVE-2018-14344 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. 2018-07-19T02:29:00+00:00 CVE-2018-14341 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. 2018-07-19T02:29:00+00:00 CVE-2018-14339 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. 2018-07-19T02:29:00+00:00 CVE-2016-6505 2016-08-06T23:59:00+00:00 epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2016-7180 2016-09-09T10:59:00+00:00 epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. 2016-09-09T10:59:00+00:00 CVE-2016-7177 2016-09-09T10:59:00+00:00 epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2016-09-09T10:59:00+00:00 CVE-2018-14368 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. 2018-07-19T02:29:00+00:00 CVE-2018-14342 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. 2018-07-19T02:29:00+00:00 CVE-2013-7114 2013-12-19T22:55:00+00:00 Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. 2013-12-19T22:55:00+00:00 CVE-2018-14343 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. 2018-07-19T02:29:00+00:00 CVE-2015-8738 2016-01-04T05:59:00+00:00 The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8725 2016-01-04T05:59:00+00:00 The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2016-6513 2016-08-06T23:59:00+00:00 epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06T23:59:00+00:00 CVE-2015-8739 2016-01-04T05:59:00+00:00 The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8730 2016-01-04T05:59:00+00:00 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8723 2016-01-04T05:59:00+00:00 The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8731 2016-01-04T05:59:00+00:00 The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2015-8714 2016-01-04T05:59:00+00:00 The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2016-5356 2016-08-07T16:59:00+00:00 wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2016-08-07T16:59:00+00:00 CVE-2018-14369 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. 2018-07-19T02:29:00+00:00 CVE-2018-14367 2018-07-19T02:29:00+00:00 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. 2018-07-19T02:29:00+00:00 CVE-2017-17997 2017-12-30T07:29:00+00:00 In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. 2017-12-30T07:29:00+00:00 CVE-2015-7830 2015-11-15T03:59:00+00:00 The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. 2015-11-15T03:59:00+00:00 CVE-2016-4421 2016-05-01T01:59:00+00:00 epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. 2016-05-01T01:59:00+00:00 CVE-2016-4418 2016-05-01T01:59:00+00:00 epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. 2016-05-01T01:59:00+00:00 CVE-2013-7113 2013-12-19T22:55:00+00:00 epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-12-19T22:55:00+00:00 CVE-2020-15466 2020-07-05T11:15:00+00:00 In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. 2020-07-05T11:15:00+00:00 CVE-2013-7112 2013-12-19T22:55:00+00:00 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2013-12-19T22:55:00+00:00 CVE-2017-17935 2017-12-27T17:08:00+00:00 The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. 2017-12-27T17:08:00+00:00 CVE-2014-8712 2014-11-23T02:59:00+00:00 The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-11-23T02:59:00+00:00 CVE-2016-4420 2016-05-01T01:59:00+00:00 The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-05-01T01:59:00+00:00 CVE-2016-4417 2016-05-01T01:59:00+00:00 Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. 2016-05-01T01:59:00+00:00 CVE-2016-4416 2016-05-01T01:59:00+00:00 epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2016-05-01T01:59:00+00:00 CVE-2016-4419 2016-05-01T01:59:00+00:00 epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. 2016-05-01T01:59:00+00:00 CVE-2015-6248 2015-08-24T23:59:00+00:00 The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T23:59:00+00:00 CVE-2015-6246 2015-08-24T23:59:00+00:00 The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T23:59:00+00:00 CVE-2017-17083 2017-12-01T08:29:00+00:00 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. 2017-12-01T08:29:00+00:00 CVE-2018-11355 2018-05-22T21:29:00+00:00 In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. 2018-05-22T21:29:00+00:00 CVE-2014-8714 2014-11-23T02:59:00+00:00 The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2014-11-23T02:59:00+00:00 CVE-2014-8713 2014-11-23T02:59:00+00:00 Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-11-23T02:59:00+00:00 CVE-2014-8711 2014-11-23T02:59:00+00:00 Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. 2014-11-23T02:59:00+00:00 CVE-2016-4415 2016-05-01T01:59:00+00:00 wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. 2016-05-01T01:59:00+00:00 CVE-2018-11362 2018-05-22T21:29:00+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. 2018-05-22T21:29:00+00:00 CVE-2018-11359 2018-05-22T21:29:00+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. 2018-05-22T21:29:00+00:00 CVE-2015-6249 2015-08-24T23:59:00+00:00 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T23:59:00+00:00 CVE-2015-6247 2015-08-24T23:59:00+00:00 The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-08-24T23:59:00+00:00 CVE-2015-6244 2015-08-24T23:59:00+00:00 The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T23:59:00+00:00 CVE-2018-11361 2018-05-22T21:29:00+00:00 In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. 2018-05-22T21:29:00+00:00 CVE-2018-11358 2018-05-22T21:29:00+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. 2018-05-22T21:29:00+00:00 CVE-2018-11356 2018-05-22T21:29:00+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. 2018-05-22T21:29:00+00:00 CVE-2018-11354 2018-05-22T21:29:00+00:00 In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. 2018-05-22T21:29:00+00:00 CVE-2016-4085 2016-04-25T10:59:00+00:00 Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. 2016-04-25T10:59:00+00:00 CVE-2015-6245 2015-08-24T23:59:00+00:00 epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-08-24T23:59:00+00:00 CVE-2015-6243 2015-08-24T23:59:00+00:00 The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. 2015-08-24T23:59:00+00:00 CVE-2015-6242 2015-08-24T23:59:00+00:00 The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. 2015-08-24T23:59:00+00:00 CVE-2015-6241 2015-08-24T23:59:00+00:00 The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T23:59:00+00:00 CVE-2014-8710 2014-11-23T02:59:00+00:00 The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2014-11-23T02:59:00+00:00 CVE-2017-17084 2017-12-01T08:29:00+00:00 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. 2017-12-01T08:29:00+00:00 CVE-2016-4084 2016-04-25T10:59:00+00:00 Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. <a href="http://cwe.mitre.org/data/definitions/190.html">CWE-190: Integer Overflow or Wraparound</a> 2016-04-25T10:59:00+00:00 CVE-2016-4080 2016-04-25T10:59:00+00:00 epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-04-25T10:59:00+00:00 CVE-2018-11360 2018-05-22T21:29:00+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. 2018-05-22T21:29:00+00:00 CVE-2018-11357 2018-05-22T21:29:00+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. 2018-05-22T21:29:00+00:00 CVE-2016-4083 2016-04-25T10:59:00+00:00 epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-25T10:59:00+00:00 CVE-2016-4081 2016-04-25T10:59:00+00:00 epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-04-25T10:59:00+00:00 CVE-2016-4078 2016-04-25T10:59:00+00:00 The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. 2016-04-25T10:59:00+00:00 CVE-2016-4077 2016-04-25T10:59:00+00:00 epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> 2016-04-25T10:59:00+00:00 CVE-2019-13619 2019-07-17T20:15:00+00:00 In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. 2019-07-17T20:15:00+00:00 CVE-2016-4082 2016-04-25T10:59:00+00:00 epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. 2016-04-25T10:59:00+00:00 CVE-2016-4079 2016-04-25T10:59:00+00:00 epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. 2016-04-25T10:59:00+00:00 CVE-2016-4076 2016-04-25T10:59:00+00:00 epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-25T10:59:00+00:00 CVE-2013-6336 2013-11-04T16:55:00+00:00 The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-11-04T16:55:00+00:00 CVE-2016-4006 2016-04-25T10:59:00+00:00 epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. 2016-04-25T10:59:00+00:00 CVE-2013-6340 2013-11-04T16:55:00+00:00 epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-11-04T16:55:00+00:00 CVE-2013-6338 2013-11-04T16:55:00+00:00 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-11-04T16:55:00+00:00 CVE-2017-17085 2017-12-01T08:29:00+00:00 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. 2017-12-01T08:29:00+00:00 CVE-2013-6337 2013-11-04T16:55:00+00:00 Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-11-04T16:55:00+00:00 CVE-2012-6053 2012-12-05T11:57:00+00:00 epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field. 2012-12-05T11:57:00+00:00 CVE-2014-6428 2014-09-20T10:55:00+00:00 The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-09-20T10:55:00+00:00 CVE-2014-6423 2014-09-20T10:55:00+00:00 The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. 2014-09-20T10:55:00+00:00 CVE-2016-2531 2016-02-28T04:59:00+00:00 Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. 2016-02-28T04:59:00+00:00 CVE-2016-2525 2016-02-28T04:59:00+00:00 epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. 2016-02-28T04:59:00+00:00 CVE-2013-5721 2013-09-16T13:01:00+00:00 The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-09-16T13:01:00+00:00 CVE-2014-6421 2014-09-20T10:55:00+00:00 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> 2014-09-20T10:55:00+00:00 CVE-2016-2527 2016-02-28T04:59:00+00:00 wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. 2016-02-28T04:59:00+00:00 CVE-2014-6431 2014-09-20T10:55:00+00:00 Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. 2014-09-20T10:55:00+00:00 CVE-2014-6427 2014-09-20T10:55:00+00:00 Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. 2014-09-20T10:55:00+00:00 CVE-2013-5718 2013-09-16T13:01:00+00:00 The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-09-16T13:01:00+00:00 CVE-2013-5720 2013-09-16T13:01:00+00:00 Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-09-16T13:01:00+00:00 CVE-2014-6425 2014-09-20T10:55:00+00:00 The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. 2014-09-20T10:55:00+00:00 CVE-2014-6422 2014-09-20T10:55:00+00:00 The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. 2014-09-20T10:55:00+00:00 CVE-2013-4933 2013-07-30T00:56:00+00:00 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. 2013-07-30T00:56:00+00:00 CVE-2013-4921 2013-07-30T00:56:00+00:00 Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2013-4930 2013-07-30T00:56:00+00:00 The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2016-2523 2016-02-28T04:59:00+00:00 The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-02-28T04:59:00+00:00 CVE-2013-4924 2013-07-30T00:56:00+00:00 epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2020-13164 2020-05-19T22:15:00+00:00 In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. 2020-05-19T22:15:00+00:00 CVE-2012-6061 2012-12-05T11:57:00+00:00 The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet. 2012-12-05T11:57:00+00:00 CVE-2012-6059 2012-12-05T11:57:00+00:00 The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2012-12-05T11:57:00+00:00 CVE-2012-6055 2012-12-05T11:57:00+00:00 epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field. 2012-12-05T11:57:00+00:00 CVE-2014-5161 2014-08-01T11:13:00+00:00 The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. 2014-08-01T11:13:00+00:00 CVE-2013-4929 2013-07-30T00:56:00+00:00 The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2013-4931 2013-07-30T00:56:00+00:00 epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. 2013-07-30T00:56:00+00:00 CVE-2013-4920 2013-07-30T00:56:00+00:00 The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2016-2526 2016-02-28T04:59:00+00:00 epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-02-28T04:59:00+00:00 CVE-2016-2522 2016-02-28T04:59:00+00:00 The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-02-28T04:59:00+00:00 CVE-2014-5164 2014-08-01T11:13:00+00:00 The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-08-01T11:13:00+00:00 CVE-2013-4923 2013-07-30T00:56:00+00:00 Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. 2013-07-30T00:56:00+00:00 CVE-2014-6429 2014-09-20T10:55:00+00:00 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2014-09-20T10:55:00+00:00 CVE-2014-6424 2014-09-20T10:55:00+00:00 The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. 2014-09-20T10:55:00+00:00 CVE-2013-5717 2013-09-16T13:01:00+00:00 The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. 2013-09-16T13:01:00+00:00 CVE-2013-6339 2013-11-04T16:55:00+00:00 The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. 2013-11-04T16:55:00+00:00 CVE-2013-5722 2013-09-16T13:01:00+00:00 Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-09-16T13:01:00+00:00 CVE-2015-4652 2015-07-22T01:59:00+00:00 epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. 2015-07-22T01:59:00+00:00 CVE-2014-6432 2014-09-20T10:55:00+00:00 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2014-09-20T10:55:00+00:00 CVE-2014-6430 2014-09-20T10:55:00+00:00 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2014-09-20T10:55:00+00:00 CVE-2014-6426 2014-09-20T10:55:00+00:00 The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2014-09-20T10:55:00+00:00 CVE-2012-6060 2012-12-05T11:57:00+00:00 Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2012-12-05T11:57:00+00:00 CVE-2012-6056 2012-12-05T11:57:00+00:00 Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count. 2012-12-05T11:57:00+00:00 CVE-2012-6052 2012-12-05T11:57:00+00:00 Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. 2012-12-05T11:57:00+00:00 CVE-2016-2528 2016-02-28T04:59:00+00:00 The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-02-28T04:59:00+00:00 CVE-2016-2524 2016-02-28T04:59:00+00:00 epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-02-28T04:59:00+00:00 CVE-2016-2521 2016-02-28T04:59:00+00:00 Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary. 2016-02-28T04:59:00+00:00 CVE-2013-4926 2013-07-30T00:56:00+00:00 epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2013-5719 2013-09-16T13:01:00+00:00 epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2013-09-16T13:01:00+00:00 CVE-2013-4922 2013-07-30T00:56:00+00:00 Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2012-5237 2012-10-04T19:55:00+00:00 The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2012-10-04T19:55:00+00:00 CVE-2016-2530 2016-02-28T04:59:00+00:00 The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. 2016-02-28T04:59:00+00:00 CVE-2017-15191 2017-10-10T21:29:00+00:00 In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. 2017-10-10T21:29:00+00:00 CVE-2017-15190 2017-10-10T21:29:00+00:00 In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. 2017-10-10T21:29:00+00:00 CVE-2013-4083 2013-06-09T21:55:00+00:00 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T21:55:00+00:00 CVE-2013-4928 2013-07-30T00:56:00+00:00 Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2013-4925 2013-07-30T00:56:00+00:00 Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2014-5162 2014-08-01T11:13:00+00:00 The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. 2014-08-01T11:13:00+00:00 CVE-2013-4936 2013-07-30T00:56:00+00:00 The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' ms - no changes 10/3/13 2013-07-30T00:56:00+00:00 CVE-2013-4074 2013-06-09T21:55:00+00:00 The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T21:55:00+00:00 CVE-2014-5165 2014-08-01T11:13:00+00:00 The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. 2014-08-01T11:13:00+00:00 CVE-2017-15192 2017-10-10T21:29:00+00:00 In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. 2017-10-10T21:29:00+00:00 CVE-2012-6062 2012-12-05T11:57:00+00:00 The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2012-12-05T11:57:00+00:00 CVE-2012-6058 2012-12-05T11:57:00+00:00 Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value. 2012-12-05T11:57:00+00:00 CVE-2012-6054 2012-12-05T11:57:00+00:00 The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6. 2012-12-05T11:57:00+00:00 CVE-2013-4927 2013-07-30T00:56:00+00:00 Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2013-4935 2013-07-30T00:56:00+00:00 The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2017-15189 2017-10-10T21:29:00+00:00 In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. 2017-10-10T21:29:00+00:00 CVE-2016-2529 2016-02-28T04:59:00+00:00 The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. 2016-02-28T04:59:00+00:00 CVE-2015-3812 2015-05-26T15:59:00+00:00 Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. 2015-05-26T15:59:00+00:00 CVE-2012-6057 2012-12-05T11:57:00+00:00 The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet. 2012-12-05T11:57:00+00:00 CVE-2015-3815 2015-05-26T15:59:00+00:00 The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. 2015-05-26T15:59:00+00:00 CVE-2015-3810 2015-05-26T15:59:00+00:00 epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. 2015-05-26T15:59:00+00:00 CVE-2013-4082 2013-06-09T21:55:00+00:00 The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. 2013-06-09T21:55:00+00:00 CVE-2014-5163 2014-08-01T11:13:00+00:00 The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-08-01T11:13:00+00:00 CVE-2013-4934 2013-07-30T00:56:00+00:00 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. 2013-07-30T00:56:00+00:00 CVE-2016-2532 2016-02-28T04:59:00+00:00 The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. 2016-02-28T04:59:00+00:00 CVE-2013-4080 2013-06-09T21:55:00+00:00 The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. 2013-06-09T21:55:00+00:00 CVE-2013-4077 2013-06-09T21:55:00+00:00 Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. 2013-06-09T21:55:00+00:00 CVE-2013-3558 2013-05-25T03:18:00+00:00 The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-25T03:18:00+00:00 CVE-2012-5240 2012-10-04T19:55:00+00:00 Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. 2012-10-04T19:55:00+00:00 CVE-2013-3556 2013-05-25T03:18:00+00:00 The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-25T03:18:00+00:00 CVE-2013-3560 2013-05-25T03:18:00+00:00 The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-25T03:18:00+00:00 CVE-2017-6473 2017-03-04T03:59:00+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. 2017-03-04T03:59:00+00:00 CVE-2012-4291 2012-08-16T10:38:00+00:00 The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. 2012-08-16T10:38:00+00:00 CVE-2012-4286 2012-08-16T10:38:00+00:00 The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. 2012-08-16T10:38:00+00:00 CVE-2017-15193 2017-10-10T21:29:00+00:00 In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. 2017-10-10T21:29:00+00:00 CVE-2012-4290 2012-08-16T10:38:00+00:00 The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. 2012-08-16T10:38:00+00:00 CVE-2015-3811 2015-05-26T15:59:00+00:00 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. 2015-05-26T15:59:00+00:00 CVE-2012-4292 2012-08-16T10:38:00+00:00 The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2012-08-16T10:38:00+00:00 CVE-2012-4287 2012-08-16T10:38:00+00:00 epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. 2012-08-16T10:38:00+00:00 CVE-2015-3813 2015-05-26T15:59:00+00:00 The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. 2015-05-26T15:59:00+00:00 CVE-2012-4049 2012-07-24T19:55:00+00:00 epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. 2012-07-24T19:55:00+00:00 CVE-2019-12295 2019-05-23T12:29:00+00:00 In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. 2019-05-23T12:29:00+00:00 CVE-2017-13767 2017-08-30T09:29:00+00:00 In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. 2017-08-30T09:29:00+00:00 CVE-2012-5238 2012-10-04T19:55:00+00:00 epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. 2012-10-04T19:55:00+00:00 CVE-2013-4078 2013-06-09T21:55:00+00:00 epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T21:55:00+00:00 CVE-2013-3562 2013-05-25T03:18:00+00:00 Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-25T03:18:00+00:00 CVE-2015-4651 2015-07-22T01:59:00+00:00 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-07-22T01:59:00+00:00 CVE-2015-3814 2015-05-26T15:59:00+00:00 The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-05-26T15:59:00+00:00 CVE-2013-4081 2013-06-09T21:55:00+00:00 The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. 2013-06-09T21:55:00+00:00 CVE-2013-4076 2013-06-09T21:55:00+00:00 Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T21:55:00+00:00 CVE-2011-3484 2011-09-20T10:55:00+00:00 The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet. 2011-09-20T10:55:00+00:00 CVE-2011-4102 2011-11-03T15:55:00+00:00 Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file. 2011-11-03T15:55:00+00:00 CVE-2013-3555 2013-05-25T03:18:00+00:00 epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-25T03:18:00+00:00 CVE-2013-4932 2013-07-30T00:56:00+00:00 Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-30T00:56:00+00:00 CVE-2008-6472 2009-03-14T18:30:00+00:00 The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. 2009-03-14T18:30:00+00:00 CVE-2014-4174 2014-06-18T16:55:00+00:00 wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. 2014-06-18T16:55:00+00:00 CVE-2007-6115 2007-11-23T20:46:00+00:00 Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. 2007-11-23T20:46:00+00:00 CVE-2012-4293 2012-08-16T10:38:00+00:00 plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. 2012-08-16T10:38:00+00:00 CVE-2013-3561 2013-05-25T03:18:00+00:00 Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. 2013-05-25T03:18:00+00:00 CVE-2012-4295 2012-08-16T10:38:00+00:00 Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. 2012-08-16T10:38:00+00:00 CVE-2011-4100 2011-11-03T15:55:00+00:00 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2011-11-03T15:55:00+00:00 CVE-2011-3483 2011-09-20T10:55:00+00:00 Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." 2011-09-20T10:55:00+00:00 CVE-2007-6118 2007-11-23T20:46:00+00:00 The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. 2007-11-23T20:46:00+00:00 CVE-2007-6113 2007-11-23T20:46:00+00:00 Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. 2007-11-23T20:46:00+00:00 CVE-2012-4288 2012-08-16T10:38:00+00:00 Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. 2012-08-16T10:38:00+00:00 CVE-2012-4048 2012-07-24T19:55:00+00:00 The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. 2012-07-24T19:55:00+00:00 CVE-2012-4297 2012-08-16T10:38:00+00:00 Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. 2012-08-16T10:38:00+00:00 CVE-2012-4289 2012-08-16T10:38:00+00:00 epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. 2012-08-16T10:38:00+00:00 CVE-2007-6451 2007-12-19T22:46:00+00:00 Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. 2007-12-19T22:46:00+00:00 CVE-2010-4300 2010-11-26T19:00:00+00:00 Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. 2010-11-26T19:00:00+00:00 CVE-2013-3559 2013-05-25T03:18:00+00:00 epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. 2013-05-25T03:18:00+00:00 CVE-2012-4298 2012-08-16T10:38:00+00:00 Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow. 2012-08-16T10:38:00+00:00 CVE-2012-4294 2012-08-16T10:38:00+00:00 Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. 2012-08-16T10:38:00+00:00 CVE-2012-4285 2012-08-16T10:38:00+00:00 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. 2012-08-16T10:38:00+00:00 CVE-2013-2484 2013-03-07T15:55:00+00:00 The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-03-07T15:55:00+00:00 CVE-2007-6439 2007-12-19T22:46:00+00:00 Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119. 2007-12-19T22:46:00+00:00 CVE-2015-3808 2015-05-26T15:59:00+00:00 The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-05-26T15:59:00+00:00 CVE-2010-4538 2011-01-07T19:00:00+00:00 Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. 2011-01-07T19:00:00+00:00 CVE-2012-4296 2012-08-16T10:38:00+00:00 Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. 2012-08-16T10:38:00+00:00 CVE-2007-6117 2007-11-23T20:46:00+00:00 Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages. 2007-11-23T20:46:00+00:00 CVE-2007-6114 2007-11-23T20:46:00+00:00 Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. 2007-11-23T20:46:00+00:00 CVE-2011-4101 2011-11-03T15:55:00+00:00 The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' 2011-11-03T15:55:00+00:00 CVE-2013-4075 2013-06-09T21:55:00+00:00 epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T21:55:00+00:00 CVE-2007-6112 2007-11-23T20:46:00+00:00 Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. 2007-11-23T20:46:00+00:00 CVE-2015-3906 2015-05-26T15:59:00+00:00 The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. 2015-05-26T15:59:00+00:00 CVE-2007-6441 2007-12-19T22:46:00+00:00 The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." 2007-12-19T22:46:00+00:00 CVE-2012-3826 2012-06-30T10:15:00+00:00 Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392. 2012-06-30T10:15:00+00:00 CVE-2013-2488 2013-03-07T15:55:00+00:00 The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location. 2013-03-07T15:55:00+00:00 CVE-2013-2483 2013-03-07T15:55:00+00:00 The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. 2013-03-07T15:55:00+00:00 CVE-2013-2476 2013-03-07T15:55:00+00:00 The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. 2013-03-07T15:55:00+00:00 CVE-2013-4079 2013-06-09T21:55:00+00:00 The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. 2013-06-09T21:55:00+00:00 CVE-2014-2907 2014-04-24T10:55:00+00:00 The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-04-24T10:55:00+00:00 CVE-2013-2485 2013-03-07T15:55:00+00:00 The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-03-07T15:55:00+00:00 CVE-2013-2481 2013-03-07T15:55:00+00:00 Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. 2013-03-07T15:55:00+00:00 CVE-2013-2478 2013-03-07T15:55:00+00:00 The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. 2013-03-07T15:55:00+00:00 CVE-2013-2475 2013-03-07T15:55:00+00:00 The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-03-07T15:55:00+00:00 CVE-2015-3809 2015-05-26T15:59:00+00:00 The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-05-26T15:59:00+00:00 CVE-2013-3557 2013-05-25T03:18:00+00:00 The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-25T03:18:00+00:00 CVE-2014-4020 2014-06-18T16:55:00+00:00 The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-06-18T16:55:00+00:00 CVE-2011-3482 2011-09-20T10:55:00+00:00 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2011-09-20T10:55:00+00:00 CVE-2017-13766 2017-08-30T09:29:00+00:00 In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. 2017-08-30T09:29:00+00:00 CVE-2017-13764 2017-08-30T09:29:00+00:00 In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. 2017-08-30T09:29:00+00:00 CVE-2008-5285 2008-12-01T15:30:00+00:00 Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. 2008-12-01T15:30:00+00:00 CVE-2007-6116 2007-11-23T20:46:00+00:00 The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. 2007-11-23T20:46:00+00:00 CVE-2011-3266 2011-08-24T00:55:00+00:00 The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. 2011-08-24T00:55:00+00:00 CVE-2013-2486 2013-03-07T15:55:00+00:00 The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. 2013-03-07T15:55:00+00:00 CVE-2017-13765 2017-08-30T09:29:00+00:00 In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. 2017-08-30T09:29:00+00:00 CVE-2013-2487 2013-03-07T15:55:00+00:00 epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. 2013-03-07T15:55:00+00:00 CVE-2013-2480 2013-03-07T15:55:00+00:00 The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-03-07T15:55:00+00:00 CVE-2011-3360 2011-09-20T10:55:00+00:00 Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' 2011-09-20T10:55:00+00:00 CVE-2013-2482 2013-03-07T15:55:00+00:00 The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-03-07T15:55:00+00:00 CVE-2013-2479 2013-03-07T15:55:00+00:00 The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. 2013-03-07T15:55:00+00:00 CVE-2013-2477 2013-03-07T15:55:00+00:00 The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-03-07T15:55:00+00:00 CVE-2007-6450 2007-12-19T22:46:00+00:00 The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. 2007-12-19T22:46:00+00:00 CVE-2007-6438 2007-12-19T22:46:00+00:00 Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. 2007-12-19T22:46:00+00:00 CVE-2010-4301 2010-11-26T19:00:00+00:00 epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. 2010-11-26T19:00:00+00:00 CVE-2008-4685 2008-10-22T18:00:00+00:00 Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. 2008-10-22T18:00:00+00:00 CVE-2008-4680 2008-10-22T18:00:00+00:00 packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). 2008-10-22T18:00:00+00:00 CVE-2012-3825 2012-06-30T10:15:00+00:00 Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392. 2012-06-30T10:15:00+00:00 CVE-2007-6121 2007-11-23T20:46:00+00:00 Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. 2007-11-23T20:46:00+00:00 CVE-2007-6111 2007-11-23T20:46:00+00:00 Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. 2007-11-23T20:46:00+00:00 CVE-2012-3548 2012-08-30T22:55:00+00:00 The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. 2012-08-30T22:55:00+00:00 CVE-2008-4684 2008-10-22T18:00:00+00:00 packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. 2008-10-22T18:00:00+00:00 CVE-2008-4683 2008-10-22T18:00:00+00:00 The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. 2008-10-22T18:00:00+00:00 CVE-2008-4681 2008-10-22T18:00:00+00:00 Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets. 2008-10-22T18:00:00+00:00 CVE-2008-4682 2008-10-22T18:00:00+00:00 wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. 2008-10-22T18:00:00+00:00 CVE-2020-11647 2020-04-10T21:15:00+00:00 In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. 2020-04-10T21:15:00+00:00 CVE-2014-2282 2014-03-11T13:01:00+00:00 The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. 2014-03-11T13:01:00+00:00 CVE-2014-2299 2014-03-11T13:01:00+00:00 Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. 2014-03-11T13:01:00+00:00 CVE-2014-2281 2014-03-11T13:01:00+00:00 The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. 2014-03-11T13:01:00+00:00 CVE-2015-3182 2016-01-04T05:59:00+00:00 epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T05:59:00+00:00 CVE-2014-2283 2014-03-11T13:01:00+00:00 epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> 2014-03-11T13:01:00+00:00 CVE-2006-5468 2006-10-27T23:07:00+00:00 Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors. 2006-10-27T23:07:00+00:00 CVE-2019-10903 2019-04-09T04:29:00+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. 2019-04-09T04:29:00+00:00 CVE-2009-4378 2009-12-21T21:30:00+00:00 The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." 2009-12-21T21:30:00+00:00 CVE-2017-11409 2017-07-18T21:29:00+00:00 In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. 2017-07-18T21:29:00+00:00 CVE-2009-4376 2009-12-21T21:30:00+00:00 Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. 2009-12-21T21:30:00+00:00 CVE-2009-4377 2009-12-21T21:30:00+00:00 The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap. 2009-12-21T21:30:00+00:00 CVE-2017-11411 2017-07-18T21:29:00+00:00 In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. 2017-07-18T21:29:00+00:00 CVE-2017-11406 2017-07-18T21:29:00+00:00 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. 2017-07-18T21:29:00+00:00 CVE-2015-2187 2015-03-08T02:59:00+00:00 The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. 2015-03-08T02:59:00+00:00 CVE-2012-2392 2012-06-30T10:15:00+00:00 Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. 2012-06-30T10:15:00+00:00 CVE-2019-10898 2019-04-09T04:29:00+00:00 In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. 2019-04-09T04:29:00+00:00 CVE-2006-5740 2006-10-27T23:07:00+00:00 Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet. 2006-10-27T23:07:00+00:00 CVE-2019-10901 2019-04-09T04:29:00+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. 2019-04-09T04:29:00+00:00 CVE-2009-3241 2009-09-18T10:30:00+00:00 Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. 2009-09-18T10:30:00+00:00 CVE-2019-10902 2019-04-09T04:29:00+00:00 In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. 2019-04-09T04:29:00+00:00 CVE-2019-10895 2019-04-09T04:29:00+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. 2019-04-09T04:29:00+00:00 CVE-2013-1585 2013-02-03T01:55:00+00:00 epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2013-1573 2013-02-03T01:55:00+00:00 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2008-3140 2008-07-10T23:41:00+00:00 The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." 2008-07-10T23:41:00+00:00 CVE-2006-5595 2006-10-28T00:07:00+00:00 Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing. 2006-10-28T00:07:00+00:00 CVE-2019-10897 2019-04-09T04:29:00+00:00 In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. 2019-04-09T04:29:00+00:00 CVE-2011-2698 2011-08-23T21:55:00+00:00 Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. 2011-08-23T21:55:00+00:00 CVE-2019-10900 2019-04-09T04:29:00+00:00 In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. 2019-04-09T04:29:00+00:00 CVE-2019-10894 2019-04-09T04:29:00+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. 2019-04-09T04:29:00+00:00 CVE-2006-4330 2006-08-24T20:04:00+00:00 Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. 2006-08-24T20:04:00+00:00 CVE-2013-1580 2013-02-03T01:55:00+00:00 The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2019-10896 2019-04-09T04:29:00+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. 2019-04-09T04:29:00+00:00 CVE-2012-2394 2012-06-30T10:15:00+00:00 Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. 2012-06-30T10:15:00+00:00 CVE-2008-3141 2008-07-10T23:41:00+00:00 Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. 2008-07-10T23:41:00+00:00 CVE-2011-2597 2011-07-07T19:55:00+00:00 The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. 2011-07-07T19:55:00+00:00 CVE-2015-2190 2015-03-08T02:59:00+00:00 epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. 2015-03-08T02:59:00+00:00 CVE-2006-5469 2006-10-28T00:07:00+00:00 Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference. 2006-10-28T00:07:00+00:00 CVE-2010-2993 2010-08-13T18:43:00+00:00 The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. 2010-08-13T18:43:00+00:00 CVE-2008-3932 2008-09-04T19:41:00+00:00 Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. 2008-09-04T19:41:00+00:00 CVE-2006-4332 2006-08-24T20:04:00+00:00 Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. 2006-08-24T20:04:00+00:00 CVE-2010-2995 2010-08-13T18:43:00+00:00 The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287. 2010-08-13T18:43:00+00:00 CVE-2011-1958 2011-06-06T19:55:00+00:00 Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' 2011-06-06T19:55:00+00:00 CVE-2009-2559 2009-07-21T17:30:00+00:00 Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information. 2009-07-21T17:30:00+00:00 CVE-2006-4805 2006-10-27T23:07:00+00:00 epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. Update to version 0.99.4. 2006-10-27T23:07:00+00:00 CVE-2013-1582 2013-02-03T01:55:00+00:00 The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2013-1574 2013-02-03T01:55:00+00:00 The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2006-4331 2006-08-24T20:04:00+00:00 Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. 2006-08-24T20:04:00+00:00 CVE-2013-1584 2013-02-03T01:55:00+00:00 The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2013-1572 2013-02-03T01:55:00+00:00 The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2011-2174 2011-06-06T19:55:00+00:00 Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. 2011-06-06T19:55:00+00:00 CVE-2011-2175 2011-06-06T19:55:00+00:00 Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. 2011-06-06T19:55:00+00:00 CVE-2013-1589 2013-02-03T01:55:00+00:00 Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2013-1578 2013-02-03T01:55:00+00:00 The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2019-10899 2019-04-09T04:29:00+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. 2019-04-09T04:29:00+00:00 CVE-2008-3934 2008-09-04T19:41:00+00:00 Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. 2008-09-04T19:41:00+00:00 CVE-2015-2189 2015-03-08T02:59:00+00:00 Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. 2015-03-08T02:59:00+00:00 CVE-2007-6120 2007-11-23T20:46:00+00:00 The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. 2007-11-23T20:46:00+00:00 CVE-2010-3445 2010-11-26T19:00:00+00:00 Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. 2010-11-26T19:00:00+00:00 CVE-2007-3393 2007-06-26T00:30:00+00:00 Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. 2007-06-26T00:30:00+00:00 CVE-2008-3145 2008-07-16T18:41:00+00:00 The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. 2008-07-16T18:41:00+00:00 CVE-2008-3146 2008-09-02T14:24:00+00:00 Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. 2008-09-02T14:24:00+00:00 CVE-2010-2284 2010-06-15T14:04:00+00:00 Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. 2010-06-15T14:04:00+00:00 CVE-2006-4333 2006-08-24T20:04:00+00:00 The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. 2006-08-24T20:04:00+00:00 CVE-2010-3133 2010-08-26T18:36:00+00:00 Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability' 2010-08-26T18:36:00+00:00 CVE-2011-1959 2011-06-06T19:55:00+00:00 The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. 2011-06-06T19:55:00+00:00 CVE-2010-2283 2010-06-15T14:04:00+00:00 The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' 2010-06-15T14:04:00+00:00 CVE-2009-2562 2009-07-21T17:30:00+00:00 Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. 2009-07-21T17:30:00+00:00 CVE-2007-3391 2007-06-26T00:30:00+00:00 Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. 2007-06-26T00:30:00+00:00 CVE-2011-1957 2011-06-06T19:55:00+00:00 The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. 2011-06-06T19:55:00+00:00 CVE-2015-2192 2015-03-08T02:59:00+00:00 Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. 2015-03-08T02:59:00+00:00 CVE-2015-2191 2015-03-08T02:59:00+00:00 Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. 2015-03-08T02:59:00+00:00 CVE-2011-1592 2011-04-29T22:55:00+00:00 The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. 2011-04-29T22:55:00+00:00 CVE-2017-11408 2017-07-18T21:29:00+00:00 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. 2017-07-18T21:29:00+00:00 CVE-2009-3550 2009-10-30T20:30:00+00:00 The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. 2009-10-30T20:30:00+00:00 CVE-2007-3390 2007-06-26T00:30:00+00:00 Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. 2007-06-26T00:30:00+00:00 CVE-2008-3933 2008-09-04T19:41:00+00:00 Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function. 2008-09-04T19:41:00+00:00 CVE-2009-3243 2009-09-18T10:30:00+00:00 Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. 2009-09-18T10:30:00+00:00 CVE-2010-2992 2010-08-13T18:43:00+00:00 packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference. 2010-08-13T18:43:00+00:00 CVE-2012-1594 2012-04-11T10:39:00+00:00 epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2012-04-11T10:39:00+00:00 CVE-2011-1591 2011-04-29T22:55:00+00:00 Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. 2011-04-29T22:55:00+00:00 CVE-2009-3829 2009-10-30T20:30:00+00:00 Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability." 2009-10-30T20:30:00+00:00 CVE-2017-11410 2017-07-18T21:29:00+00:00 In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. 2017-07-18T21:29:00+00:00 CVE-2013-1590 2013-02-03T01:55:00+00:00 Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2009-3549 2009-10-30T20:30:00+00:00 packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. 2009-10-30T20:30:00+00:00 CVE-2010-2994 2010-08-13T18:43:00+00:00 Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression. 2010-08-13T18:43:00+00:00 CVE-2015-2188 2015-03-08T02:59:00+00:00 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. 2015-03-08T02:59:00+00:00 CVE-2013-1583 2013-02-03T01:55:00+00:00 The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2013-1581 2013-02-03T01:55:00+00:00 The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2009-1829 2009-05-29T22:30:00+00:00 Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. 2009-05-29T22:30:00+00:00 CVE-2009-2560 2009-07-21T17:30:00+00:00 Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9. 2009-07-21T17:30:00+00:00 CVE-2008-3138 2008-07-10T23:41:00+00:00 The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. 2008-07-10T23:41:00+00:00 CVE-2010-2286 2010-06-15T14:04:00+00:00 The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. 2010-06-15T14:04:00+00:00 CVE-2013-1587 2013-02-03T01:55:00+00:00 The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2013-1576 2013-02-03T01:55:00+00:00 The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2017-11407 2017-07-18T21:29:00+00:00 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. 2017-07-18T21:29:00+00:00 CVE-2007-3392 2007-06-26T00:30:00+00:00 Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. 2007-06-26T00:30:00+00:00 CVE-2008-3139 2008-07-10T23:41:00+00:00 The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. 2008-07-10T23:41:00+00:00 CVE-2010-2287 2010-06-15T14:04:00+00:00 Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors. 2010-06-15T14:04:00+00:00 CVE-2011-1590 2011-04-29T22:55:00+00:00 The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. 2011-04-29T22:55:00+00:00 CVE-2006-3630 2006-07-21T14:03:00+00:00 Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors. 2006-07-21T14:03:00+00:00 CVE-2006-4574 2006-10-28T00:07:00+00:00 Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values. 2006-10-28T00:07:00+00:00 CVE-2006-3628 2006-07-21T14:03:00+00:00 Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. This vulnerability is addressed in the following product release: Ethereal Group, Ethereal, 0.99.2 2006-07-21T14:03:00+00:00 CVE-2009-2563 2009-07-21T17:30:00+00:00 Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors. 2009-07-21T17:30:00+00:00 CVE-2012-1596 2012-04-11T10:39:00+00:00 The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. 2012-04-11T10:39:00+00:00 CVE-2006-3627 2006-07-21T14:03:00+00:00 Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors. This vulnerability is addressed in the following product release: Wireshark, Ethereal, 0.99.2 2006-07-21T14:03:00+00:00 CVE-2009-3551 2009-10-30T20:30:00+00:00 Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. 2009-10-30T20:30:00+00:00 CVE-2013-1586 2013-02-03T01:55:00+00:00 The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2013-1575 2013-02-03T01:55:00+00:00 The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2006-3631 2006-07-21T14:03:00+00:00 Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. This vulnerability is addressed in the following product release: Ethereal Group, Ethereal, 0.99.2 2006-07-21T14:03:00+00:00 CVE-2009-3242 2009-09-18T10:30:00+00:00 Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. 2009-09-18T10:30:00+00:00 CVE-2012-1593 2012-04-11T10:39:00+00:00 epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' 2012-04-11T10:39:00+00:00 CVE-2012-2393 2012-06-30T10:15:00+00:00 epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. 2012-06-30T10:15:00+00:00 CVE-2013-1588 2013-02-03T01:55:00+00:00 Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2013-1577 2013-02-03T01:55:00+00:00 The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2008-3137 2008-07-10T23:41:00+00:00 The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. 2008-07-10T23:41:00+00:00 CVE-2007-3389 2007-06-26T00:30:00+00:00 Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. 2007-06-26T00:30:00+00:00 CVE-2009-2561 2009-07-21T17:30:00+00:00 Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors. 2009-07-21T17:30:00+00:00 CVE-2010-2285 2010-06-15T14:04:00+00:00 The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' 2010-06-15T14:04:00+00:00 CVE-2013-1579 2013-02-03T01:55:00+00:00 The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-03T01:55:00+00:00 CVE-2011-1143 2011-03-03T01:00:00+00:00 epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' 2011-03-03T01:00:00+00:00 CVE-2011-1140 2011-03-03T01:00:00+00:00 Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet. 2011-03-03T01:00:00+00:00 CVE-2011-1956 2011-06-06T19:55:00+00:00 The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' 2011-06-06T19:55:00+00:00 CVE-2011-1139 2011-03-03T01:00:00+00:00 wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field. 2011-03-03T01:00:00+00:00 CVE-2012-1595 2012-04-11T10:39:00+00:00 The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. 2012-04-11T10:39:00+00:00 CVE-2011-1138 2011-03-03T01:00:00+00:00 Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. 2011-03-03T01:00:00+00:00 CVE-2011-1142 2011-03-03T01:00:00+00:00 Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values. 2011-03-03T01:00:00+00:00 CVE-2010-1455 2010-05-12T11:46:00+00:00 The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. 2010-05-12T11:46:00+00:00 CVE-2011-1141 2011-03-03T01:00:00+00:00 epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements. 2011-03-03T01:00:00+00:00 CVE-2008-1563 2008-03-31T22:44:00+00:00 The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2008-03-31T22:44:00+00:00 CVE-2008-1562 2008-03-31T22:44:00+00:00 The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. 2008-03-31T22:44:00+00:00 CVE-2011-0538 2011-02-08T22:00:00+00:00 Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. 2011-02-08T22:00:00+00:00 CVE-2015-0562 2015-01-10T02:59:00+00:00 Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> 2015-01-10T02:59:00+00:00 CVE-2009-1210 2009-04-01T10:30:00+00:00 Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. 2009-04-01T10:30:00+00:00 CVE-2009-1266 2009-04-21T15:30:00+00:00 Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors. 2009-04-21T15:30:00+00:00 CVE-2008-1561 2008-03-31T22:44:00+00:00 Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang. 2008-03-31T22:44:00+00:00 CVE-2015-0559 2015-01-10T02:59:00+00:00 Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> 2015-01-10T02:59:00+00:00 CVE-2009-1268 2009-04-13T16:30:00+00:00 The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. 2009-04-13T16:30:00+00:00 CVE-2009-1269 2009-04-13T16:30:00+00:00 Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. 2009-04-13T16:30:00+00:00 CVE-2015-0561 2015-01-10T02:59:00+00:00 asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. 2015-01-10T02:59:00+00:00 CVE-2012-0042 2012-04-11T10:39:00+00:00 Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' 2012-04-11T10:39:00+00:00 CVE-2011-0444 2011-01-13T01:00:00+00:00 Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. 2011-01-13T01:00:00+00:00 CVE-2008-1071 2008-02-28T22:44:00+00:00 The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. 2008-02-28T22:44:00+00:00 CVE-2009-0601 2009-02-16T20:30:00+00:00 Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. Per http://www.vupen.com/english/advisories/2009/0370: "Multiple vulnerabilities have been identified in Wireshark, which could be exploited by local or remote attackers to cause a denial of service or compromise a vulnerable system." 2009-02-16T20:30:00+00:00 CVE-2008-1070 2008-02-28T22:44:00+00:00 The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. 2008-02-28T22:44:00+00:00 CVE-2015-0560 2015-01-10T02:59:00+00:00 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-01-10T02:59:00+00:00 CVE-2010-0304 2010-02-03T18:30:00+00:00 Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function. 2010-02-03T18:30:00+00:00 CVE-2015-0563 2015-01-10T02:59:00+00:00 epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-01-10T02:59:00+00:00 CVE-2009-1267 2009-04-13T16:30:00+00:00 Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. 2009-04-13T16:30:00+00:00 CVE-2008-1072 2008-02-28T22:44:00+00:00 The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. 2008-02-28T22:44:00+00:00 CVE-2009-0599 2009-02-16T20:30:00+00:00 Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. 2009-02-16T20:30:00+00:00 CVE-2009-0600 2009-02-16T20:30:00+00:00 Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. 2009-02-16T20:30:00+00:00 CVE-2007-0458 2007-02-02T20:28:00+00:00 Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468. 2007-02-02T20:28:00+00:00 CVE-2007-0456 2007-02-02T20:28:00+00:00 Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. 2007-02-02T20:28:00+00:00 CVE-2007-0457 2007-02-02T20:28:00+00:00 Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. 2007-02-02T20:28:00+00:00 CVE-2012-0066 2012-04-11T10:39:00+00:00 Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. 2012-04-11T10:39:00+00:00 CVE-2011-0713 2011-03-03T01:00:00+00:00 Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. 2011-03-03T01:00:00+00:00 CVE-2012-0043 2012-04-11T10:39:00+00:00 Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. 2012-04-11T10:39:00+00:00 CVE-2015-0564 2015-01-10T02:59:00+00:00 Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. 2015-01-10T02:59:00+00:00 CVE-2011-0445 2011-01-13T01:00:00+00:00 The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. 2011-01-13T01:00:00+00:00 CVE-2007-0459 2007-02-02T20:28:00+00:00 packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets. 2007-02-02T20:28:00+00:00 CVE-2012-0067 2012-04-11T10:39:00+00:00 wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. 2012-04-11T10:39:00+00:00 CVE-2011-0024 2011-03-28T16:55:00+00:00 Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file. 2011-03-28T16:55:00+00:00 CVE-2012-0041 2012-04-11T10:39:00+00:00 The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. 2012-04-11T10:39:00+00:00 CVE-2012-0068 2012-04-11T10:39:00+00:00 The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. 2012-04-11T10:39:00+00:00 CVE-2019-16319 2019-09-15T12:15:13.393000+00:00 In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. 2019-09-15T12:15:13.393000+00:00 CVE-2019-13619 2019-07-17T16:15:11.617000+00:00 In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. 2019-07-17T16:15:11.617000+00:00 CVE-2019-12295 2019-05-23T08:29:00.393000+00:00 In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. 2019-05-23T08:29:00.393000+00:00 CVE-2019-10894 2019-04-09T00:29:00.777000+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. 2019-04-09T00:29:00.777000+00:00 CVE-2019-10895 2019-04-09T00:29:01.013000+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. 2019-04-09T00:29:01.013000+00:00 CVE-2019-10896 2019-04-09T00:29:01.123000+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. 2019-04-09T00:29:01.123000+00:00 CVE-2019-10897 2019-04-09T00:29:01.187000+00:00 In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. 2019-04-09T00:29:01.187000+00:00 CVE-2019-10898 2019-04-09T00:29:01.263000+00:00 In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. 2019-04-09T00:29:01.263000+00:00 CVE-2019-10899 2019-04-09T00:29:01.340000+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. 2019-04-09T00:29:01.340000+00:00 CVE-2019-10900 2019-04-09T00:29:01.420000+00:00 In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. 2019-04-09T00:29:01.420000+00:00 CVE-2019-10901 2019-04-09T00:29:01.480000+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. 2019-04-09T00:29:01.480000+00:00 CVE-2019-10902 2019-04-09T00:29:01.560000+00:00 In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely. 2019-04-09T00:29:01.560000+00:00 CVE-2019-10903 2019-04-09T00:29:01.653000+00:00 In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. 2019-04-09T00:29:01.653000+00:00 CVE-2019-9209 2019-02-27T23:29:00.327000+00:00 In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. 2019-02-27T23:29:00.327000+00:00 CVE-2019-9214 2019-02-27T23:29:00.387000+00:00 In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. 2019-02-27T23:29:00.387000+00:00 CVE-2019-5716 2019-01-08T18:29:00.280000+00:00 In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. 2019-01-08T18:29:00.280000+00:00 CVE-2019-5717 2019-01-08T18:29:00.373000+00:00 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. 2019-01-08T18:29:00.373000+00:00 CVE-2019-5718 2019-01-08T18:29:00.437000+00:00 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. 2019-01-08T18:29:00.437000+00:00 CVE-2019-5719 2019-01-08T18:29:00.513000+00:00 In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. 2019-01-08T18:29:00.513000+00:00 CVE-2019-5721 2019-01-08T18:29:00.577000+00:00 In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. 2019-01-08T18:29:00.577000+00:00 CVE-2018-19622 2018-11-28T23:29:00.233000+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. 2018-11-28T23:29:00.233000+00:00 CVE-2018-19623 2018-11-28T23:29:00.327000+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. 2018-11-28T23:29:00.327000+00:00 CVE-2018-19624 2018-11-28T23:29:00.407000+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. 2018-11-28T23:29:00.407000+00:00 CVE-2018-19625 2018-11-28T23:29:00.500000+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. 2018-11-28T23:29:00.500000+00:00 CVE-2018-19626 2018-11-28T23:29:00.577000+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. 2018-11-28T23:29:00.577000+00:00 CVE-2018-19627 2018-11-28T23:29:00.657000+00:00 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. 2018-11-28T23:29:00.657000+00:00 CVE-2018-19628 2018-11-28T23:29:00.717000+00:00 In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. 2018-11-28T23:29:00.717000+00:00 CVE-2018-18225 2018-10-12T02:29:00.830000+00:00 In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. 2018-10-12T02:29:00.830000+00:00 CVE-2018-18226 2018-10-12T02:29:01.113000+00:00 In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. 2018-10-12T02:29:01.113000+00:00 CVE-2018-18227 2018-10-12T02:29:01.347000+00:00 In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. 2018-10-12T02:29:01.347000+00:00 CVE-2018-16056 2018-08-29T21:29:00.293000+00:00 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. 2018-08-29T21:29:00.293000+00:00 CVE-2018-16057 2018-08-29T21:29:00.403000+00:00 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. 2018-08-29T21:29:00.403000+00:00 CVE-2018-16058 2018-08-29T21:29:00.527000+00:00 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. 2018-08-29T21:29:00.527000+00:00 CVE-2012-1594 2012-04-11T06:39:26.623000+00:00 epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2012-04-11T06:39:26.623000+00:00 CVE-2012-1596 2012-04-11T06:39:26.747000+00:00 The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. 2012-04-11T06:39:26.747000+00:00 CVE-2012-2392 2012-06-30T06:15:04.967000+00:00 Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. 2012-06-30T06:15:04.967000+00:00 CVE-2012-2393 2012-06-30T06:15:05.060000+00:00 epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. 2012-06-30T06:15:05.060000+00:00 CVE-2012-2394 2012-06-30T06:15:05.107000+00:00 Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. 2012-06-30T06:15:05.107000+00:00 CVE-2012-3825 2012-06-30T06:15:05.153000+00:00 Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392. 2012-06-30T06:15:05.153000+00:00 CVE-2012-3826 2012-06-30T06:15:05.187000+00:00 Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392. 2012-06-30T06:15:05.187000+00:00 CVE-2011-1590 2011-04-29T18:55:02.547000+00:00 The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. 2011-04-29T18:55:02.547000+00:00 CVE-2011-1957 2011-06-06T15:55:02.723000+00:00 The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. 2011-06-06T15:55:02.723000+00:00 CVE-2011-2174 2011-06-06T15:55:02.893000+00:00 Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. 2011-06-06T15:55:02.893000+00:00 CVE-2011-2597 2011-07-07T15:55:02.600000+00:00 The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. 2011-07-07T15:55:02.600000+00:00 CVE-2012-1595 2012-04-11T06:39:26.687000+00:00 The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. 2012-04-11T06:39:26.687000+00:00 CVE-2011-1958 2011-06-06T15:55:02.753000+00:00 Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. 2011-06-06T15:55:02.753000+00:00 CVE-2011-1959 2011-06-06T15:55:02.787000+00:00 The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. 2011-06-06T15:55:02.787000+00:00 CVE-2011-2175 2011-06-06T15:55:02.940000+00:00 Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. 2011-06-06T15:55:02.940000+00:00 CVE-2011-2698 2011-08-23T17:55:01.993000+00:00 Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. 2011-08-23T17:55:01.993000+00:00 CVE-2011-4102 2011-11-03T11:55:01.043000+00:00 Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file. 2011-11-03T11:55:01.043000+00:00 CVE-2009-0599 2009-02-16T15:30:00.203000+00:00 Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. 2009-02-16T15:30:00.203000+00:00 CVE-2009-4376 2009-12-21T16:30:00.267000+00:00 Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. 2009-12-21T16:30:00.267000+00:00 CVE-2011-1138 2011-03-02T20:00:01.317000+00:00 Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. 2011-03-02T20:00:01.317000+00:00 CVE-2011-1143 2011-03-02T20:00:01.660000+00:00 epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. 2011-03-02T20:00:01.660000+00:00 CVE-2012-5237 2012-10-04T15:55:00.870000+00:00 The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2012-10-04T15:55:00.870000+00:00 CVE-2012-5238 2012-10-04T15:55:00.917000+00:00 epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. 2012-10-04T15:55:00.917000+00:00 CVE-2012-5240 2012-10-04T15:55:00.963000+00:00 Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. 2012-10-04T15:55:00.963000+00:00 CVE-2012-6052 2012-12-05T06:57:19.587000+00:00 Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files. 2012-12-05T06:57:19.587000+00:00 CVE-2012-6053 2012-12-05T06:57:19.913000+00:00 epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field. 2012-12-05T06:57:19.913000+00:00 CVE-2012-6054 2012-12-05T06:57:19.943000+00:00 The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6. 2012-12-05T06:57:19.943000+00:00 CVE-2012-6055 2012-12-05T06:57:19.990000+00:00 epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field. 2012-12-05T06:57:19.990000+00:00 CVE-2012-6057 2012-12-05T06:57:20.070000+00:00 The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet. 2012-12-05T06:57:20.070000+00:00 CVE-2012-6058 2012-12-05T06:57:20.117000+00:00 Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value. 2012-12-05T06:57:20.117000+00:00 CVE-2012-6059 2012-12-05T06:57:20.163000+00:00 The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2012-12-05T06:57:20.163000+00:00 CVE-2007-6119 2007-11-23T20:46:00+00:00 The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. 2007-11-23T20:46:00+00:00 CVE-2013-1572 2013-02-02T20:55:05.927000+00:00 The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-02T20:55:05.927000+00:00 CVE-2013-1573 2013-02-02T20:55:06.207000+00:00 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-02T20:55:06.207000+00:00 CVE-2013-1574 2013-02-02T20:55:06.287000+00:00 The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-02T20:55:06.287000+00:00 CVE-2013-1575 2013-02-02T20:55:06.380000+00:00 The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-02T20:55:06.380000+00:00 CVE-2013-1576 2013-02-02T20:55:06.600000+00:00 The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-02T20:55:06.600000+00:00 CVE-2013-1577 2013-02-02T20:55:06.897000+00:00 The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-02T20:55:06.897000+00:00 CVE-2013-1578 2013-02-02T20:55:06.973000+00:00 The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. 2013-02-02T20:55:06.973000+00:00 CVE-2013-1579 2013-02-02T20:55:07.147000+00:00 The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-02T20:55:07.147000+00:00 CVE-2013-1580 2013-02-02T20:55:07.223000+00:00 The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-02-02T20:55:07.223000+00:00 CVE-2013-1581 2013-02-02T20:55:07.303000+00:00 The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. 2013-02-02T20:55:07.303000+00:00 CVE-2013-1582 2013-02-02T20:55:07.363000+00:00 The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. 2013-02-02T20:55:07.363000+00:00 CVE-2013-1583 2013-02-02T20:55:07.443000+00:00 The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-02T20:55:07.443000+00:00 CVE-2013-1584 2013-02-02T20:55:07.507000+00:00 The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-02T20:55:07.507000+00:00 CVE-2013-1585 2013-02-02T20:55:07.567000+00:00 epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-02T20:55:07.567000+00:00 CVE-2013-1586 2013-02-02T20:55:07.630000+00:00 The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-02T20:55:07.630000+00:00 CVE-2013-1587 2013-02-02T20:55:07.707000+00:00 The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-02T20:55:07.707000+00:00 CVE-2013-1588 2013-02-02T20:55:07.770000+00:00 Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-02T20:55:07.770000+00:00 CVE-2013-1589 2013-02-02T20:55:07.863000+00:00 Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-02T20:55:07.863000+00:00 CVE-2013-1590 2013-02-02T20:55:07.927000+00:00 Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-02-02T20:55:07.927000+00:00 CVE-2013-5717 2013-09-16T09:01:46.877000+00:00 The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. 2013-09-16T09:01:46.877000+00:00 CVE-2013-5719 2013-09-16T09:01:46.910000+00:00 epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2013-09-16T09:01:46.910000+00:00 CVE-2013-5718 2013-09-16T09:01:46.893000+00:00 The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-09-16T09:01:46.893000+00:00 CVE-2013-5720 2013-09-16T09:01:46.910000+00:00 Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-09-16T09:01:46.910000+00:00 CVE-2013-5722 2013-09-16T09:01:46.927000+00:00 Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-09-16T09:01:46.927000+00:00 CVE-2013-7113 2013-12-19T17:55:04.633000+00:00 epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-12-19T17:55:04.633000+00:00 CVE-2012-6056 2012-12-05T06:57:20.037000+00:00 Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count. 2012-12-05T06:57:20.037000+00:00 CVE-2012-6060 2012-12-05T06:57:20.193000+00:00 Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2012-12-05T06:57:20.193000+00:00 CVE-2012-6061 2012-12-05T06:57:20.240000+00:00 The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet. 2012-12-05T06:57:20.240000+00:00 CVE-2012-6062 2012-12-05T06:57:20.273000+00:00 The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2012-12-05T06:57:20.273000+00:00 CVE-2013-5721 2013-09-16T09:01:46.927000+00:00 The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-09-16T09:01:46.927000+00:00 CVE-2013-6336 2013-11-04T11:55:05.233000+00:00 The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-11-04T11:55:05.233000+00:00 CVE-2013-6337 2013-11-04T11:55:05.263000+00:00 Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-11-04T11:55:05.263000+00:00 CVE-2013-6338 2013-11-04T11:55:05.280000+00:00 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-11-04T11:55:05.280000+00:00 CVE-2013-6339 2013-11-04T11:55:05.310000+00:00 The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. 2013-11-04T11:55:05.310000+00:00 CVE-2013-6340 2013-11-04T11:55:05.343000+00:00 epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-11-04T11:55:05.343000+00:00 CVE-2013-7112 2013-12-19T17:55:04.617000+00:00 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2013-12-19T17:55:04.617000+00:00 CVE-2013-7114 2013-12-19T17:55:04.663000+00:00 Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. 2013-12-19T17:55:04.663000+00:00 CVE-2009-1266 2009-04-21T11:30:00.343000+00:00 Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors. 2009-04-21T11:30:00.343000+00:00 CVE-2014-2907 2014-04-24T06:55:02.397000+00:00 The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-04-24T06:55:02.397000+00:00 CVE-2014-4020 2014-06-18T12:55:08.233000+00:00 The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-06-18T12:55:08.233000+00:00 CVE-2014-4174 2014-06-18T12:55:08.360000+00:00 wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. 2014-06-18T12:55:08.360000+00:00 CVE-2013-4083 2013-06-09T17:55:01.667000+00:00 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T17:55:01.667000+00:00 CVE-2013-4920 2013-07-29T20:56:14.470000+00:00 The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-29T20:56:14.470000+00:00 CVE-2013-4921 2013-07-29T20:56:15.747000+00:00 Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-29T20:56:15.747000+00:00 CVE-2013-4922 2013-07-29T20:56:15.780000+00:00 Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-29T20:56:15.780000+00:00 CVE-2013-4923 2013-07-29T20:56:15.800000+00:00 Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. 2013-07-29T20:56:15.800000+00:00 CVE-2013-4924 2013-07-29T20:56:15.817000+00:00 epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. 2013-07-29T20:56:15.817000+00:00 CVE-2013-4925 2013-07-29T20:56:15.837000+00:00 Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet. 2013-07-29T20:56:15.837000+00:00 CVE-2013-4926 2013-07-29T20:56:15.853000+00:00 epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-29T20:56:15.853000+00:00 CVE-2013-4927 2013-07-29T20:56:15.870000+00:00 Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. 2013-07-29T20:56:15.870000+00:00 CVE-2013-4928 2013-07-29T20:56:15.887000+00:00 Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2013-07-29T20:56:15.887000+00:00 CVE-2013-4929 2013-07-29T20:56:15.903000+00:00 The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. 2013-07-29T20:56:15.903000+00:00 CVE-2013-4930 2013-07-29T20:56:15.923000+00:00 The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. 2013-07-29T20:56:15.923000+00:00 CVE-2013-4931 2013-07-29T20:56:15.943000+00:00 epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. 2013-07-29T20:56:15.943000+00:00 CVE-2013-4932 2013-07-29T20:56:15.963000+00:00 Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-29T20:56:15.963000+00:00 CVE-2013-4933 2013-07-29T20:56:15.997000+00:00 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. 2013-07-29T20:56:15.997000+00:00 CVE-2013-4934 2013-07-29T20:56:16.030000+00:00 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. 2013-07-29T20:56:16.030000+00:00 CVE-2013-4935 2013-07-29T20:56:16.047000+00:00 The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-07-29T20:56:16.047000+00:00 CVE-2014-6421 2014-09-20T06:55:06.137000+00:00 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. 2014-09-20T06:55:06.137000+00:00 CVE-2014-6422 2014-09-20T06:55:06.183000+00:00 The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. 2014-09-20T06:55:06.183000+00:00 CVE-2014-6423 2014-09-20T06:55:06.230000+00:00 The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. 2014-09-20T06:55:06.230000+00:00 CVE-2014-6424 2014-09-20T06:55:06.277000+00:00 The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. 2014-09-20T06:55:06.277000+00:00 CVE-2014-6425 2014-09-20T06:55:06.323000+00:00 The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character. 2014-09-20T06:55:06.323000+00:00 CVE-2014-6426 2014-09-20T06:55:06.370000+00:00 The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2014-09-20T06:55:06.370000+00:00 CVE-2014-6427 2014-09-20T06:55:06.433000+00:00 Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. 2014-09-20T06:55:06.433000+00:00 CVE-2014-6428 2014-09-20T06:55:06.480000+00:00 The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-09-20T06:55:06.480000+00:00 CVE-2014-6429 2014-09-20T06:55:06.527000+00:00 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2014-09-20T06:55:06.527000+00:00 CVE-2014-6430 2014-09-20T06:55:06.573000+00:00 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2014-09-20T06:55:06.573000+00:00 CVE-2014-6431 2014-09-20T06:55:06.620000+00:00 Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. 2014-09-20T06:55:06.620000+00:00 CVE-2014-6432 2014-09-20T06:55:06.667000+00:00 The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2014-09-20T06:55:06.667000+00:00 CVE-2011-0538 2011-02-08T17:00:01.680000+00:00 Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. 2011-02-08T17:00:01.680000+00:00 CVE-2014-2281 2014-03-11T09:01:10.077000+00:00 The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. 2014-03-11T09:01:10.077000+00:00 CVE-2014-2283 2014-03-11T09:01:10.263000+00:00 epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. 2014-03-11T09:01:10.263000+00:00 CVE-2015-0559 2015-01-09T21:59:38.023000+00:00 Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. 2015-01-09T21:59:38.023000+00:00 CVE-2015-0560 2015-01-09T21:59:38.990000+00:00 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-01-09T21:59:38.990000+00:00 CVE-2013-2480 2013-03-07T10:55:01.637000+00:00 The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-03-07T10:55:01.637000+00:00 CVE-2013-2482 2013-03-07T10:55:01.777000+00:00 The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-03-07T10:55:01.777000+00:00 CVE-2013-2483 2013-03-07T10:55:01.827000+00:00 The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. 2013-03-07T10:55:01.827000+00:00 CVE-2013-2484 2013-03-07T10:55:01.880000+00:00 The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-03-07T10:55:01.880000+00:00 CVE-2013-2485 2013-03-07T10:55:01.927000+00:00 The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. 2013-03-07T10:55:01.927000+00:00 CVE-2013-2486 2013-03-07T10:55:01.973000+00:00 The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. 2013-03-07T10:55:01.973000+00:00 CVE-2013-2487 2013-03-07T10:55:02.020000+00:00 epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. 2013-03-07T10:55:02.020000+00:00 CVE-2013-2488 2013-03-07T10:55:02.073000+00:00 The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location. 2013-03-07T10:55:02.073000+00:00 CVE-2013-3555 2013-05-24T23:18:15.963000+00:00 epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-24T23:18:15.963000+00:00 CVE-2013-3556 2013-05-24T23:18:15.987000+00:00 The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-24T23:18:15.987000+00:00 CVE-2013-3557 2013-05-24T23:18:16.017000+00:00 The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-24T23:18:16.017000+00:00 CVE-2013-3558 2013-05-24T23:18:16.040000+00:00 The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-24T23:18:16.040000+00:00 CVE-2013-3559 2013-05-24T23:18:16.077000+00:00 epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. 2013-05-24T23:18:16.077000+00:00 CVE-2013-3560 2013-05-24T23:18:16.113000+00:00 The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-24T23:18:16.113000+00:00 CVE-2013-3561 2013-05-24T23:18:16.150000+00:00 Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. 2013-05-24T23:18:16.150000+00:00 CVE-2013-3562 2013-05-24T23:18:16.187000+00:00 Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-05-24T23:18:16.187000+00:00 CVE-2013-4074 2013-06-09T17:55:01.397000+00:00 The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T17:55:01.397000+00:00 CVE-2013-4075 2013-06-09T17:55:01.427000+00:00 epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T17:55:01.427000+00:00 CVE-2013-4076 2013-06-09T17:55:01.457000+00:00 Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T17:55:01.457000+00:00 CVE-2013-4077 2013-06-09T17:55:01.487000+00:00 Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. 2013-06-09T17:55:01.487000+00:00 CVE-2013-4078 2013-06-09T17:55:01.537000+00:00 epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2013-06-09T17:55:01.537000+00:00 CVE-2012-0041 2012-04-11T06:39:25.653000+00:00 The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. 2012-04-11T06:39:25.653000+00:00 CVE-2012-0042 2012-04-11T06:39:25.700000+00:00 Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. 2012-04-11T06:39:25.700000+00:00 CVE-2012-0043 2012-04-11T06:39:25.747000+00:00 Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. 2012-04-11T06:39:25.747000+00:00 CVE-2012-0066 2012-04-11T06:39:25.810000+00:00 Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. 2012-04-11T06:39:25.810000+00:00 CVE-2012-0067 2012-04-11T06:39:25.857000+00:00 wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. 2012-04-11T06:39:25.857000+00:00 CVE-2012-0068 2012-04-11T06:39:25.903000+00:00 The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. 2012-04-11T06:39:25.903000+00:00 CVE-2012-3548 2012-08-30T18:55:05.857000+00:00 The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. 2012-08-30T18:55:05.857000+00:00 CVE-2012-4293 2012-08-16T06:38:08.843000+00:00 plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. 2012-08-16T06:38:08.843000+00:00 CVE-2012-4048 2012-07-24T15:55:00.877000+00:00 The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. 2012-07-24T15:55:00.877000+00:00 CVE-2012-4049 2012-07-24T15:55:03.077000+00:00 epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. 2012-07-24T15:55:03.077000+00:00 CVE-2012-4285 2012-08-16T06:38:08.313000+00:00 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. 2012-08-16T06:38:08.313000+00:00 CVE-2012-4286 2012-08-16T06:38:08.377000+00:00 The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. 2012-08-16T06:38:08.377000+00:00 CVE-2012-4287 2012-08-16T06:38:08.437000+00:00 epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. 2012-08-16T06:38:08.437000+00:00 CVE-2012-4288 2012-08-16T06:38:08.483000+00:00 Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. 2012-08-16T06:38:08.483000+00:00 CVE-2012-4289 2012-08-16T06:38:08.547000+00:00 epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. 2012-08-16T06:38:08.547000+00:00 CVE-2012-4290 2012-08-16T06:38:08.640000+00:00 The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. 2012-08-16T06:38:08.640000+00:00 CVE-2012-4291 2012-08-16T06:38:08.703000+00:00 The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. 2012-08-16T06:38:08.703000+00:00 CVE-2012-4292 2012-08-16T06:38:08.767000+00:00 The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2012-08-16T06:38:08.767000+00:00 CVE-2012-4294 2012-08-16T06:38:08.907000+00:00 Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. 2012-08-16T06:38:08.907000+00:00 CVE-2012-4295 2012-08-16T06:38:08.970000+00:00 Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. 2012-08-16T06:38:08.970000+00:00 CVE-2012-4296 2012-08-16T06:38:09.030000+00:00 Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. 2012-08-16T06:38:09.030000+00:00 CVE-2012-4297 2012-08-16T06:38:09.110000+00:00 Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. 2012-08-16T06:38:09.110000+00:00 CVE-2012-4298 2012-08-16T06:38:09.140000+00:00 Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow. 2012-08-16T06:38:09.140000+00:00 CVE-2013-2475 2013-03-07T10:55:01.370000+00:00 The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-03-07T10:55:01.370000+00:00 CVE-2013-2476 2013-03-07T10:55:01.447000+00:00 The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. 2013-03-07T10:55:01.447000+00:00 CVE-2013-4082 2013-06-09T17:55:01.643000+00:00 The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. 2013-06-09T17:55:01.643000+00:00 CVE-2013-2477 2013-03-07T10:55:01.490000+00:00 The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 2013-03-07T10:55:01.490000+00:00 CVE-2013-2478 2013-03-07T10:55:01.540000+00:00 The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. 2013-03-07T10:55:01.540000+00:00 CVE-2013-2479 2013-03-07T10:55:01.587000+00:00 The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. 2013-03-07T10:55:01.587000+00:00 CVE-2013-2481 2013-03-07T10:55:01.687000+00:00 Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. 2013-03-07T10:55:01.687000+00:00 CVE-2013-4079 2013-06-09T17:55:01.563000+00:00 The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. 2013-06-09T17:55:01.563000+00:00 CVE-2013-4936 2013-07-29T20:56:16.067000+00:00 The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2013-07-29T20:56:16.067000+00:00 CVE-2013-4080 2013-06-09T17:55:01.590000+00:00 The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. 2013-06-09T17:55:01.590000+00:00 CVE-2014-2282 2014-03-11T09:01:10.093000+00:00 The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. 2014-03-11T09:01:10.093000+00:00 CVE-2016-4415 2016-04-30T21:59:01.143000+00:00 wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file. 2016-04-30T21:59:01.143000+00:00 CVE-2016-4416 2016-04-30T21:59:02.143000+00:00 epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2016-04-30T21:59:02.143000+00:00 CVE-2016-4419 2016-04-30T21:59:05.613000+00:00 epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. 2016-04-30T21:59:05.613000+00:00 CVE-2016-4420 2016-04-30T21:59:06.550000+00:00 The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-30T21:59:06.550000+00:00 CVE-2014-2299 2014-03-11T09:01:10.280000+00:00 Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. 2014-03-11T09:01:10.280000+00:00 CVE-2016-7178 2016-09-09T06:59:04.260000+00:00 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. 2016-09-09T06:59:04.260000+00:00 CVE-2016-7180 2016-09-09T06:59:06.277000+00:00 epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. 2016-09-09T06:59:06.277000+00:00 CVE-2016-7179 2016-09-09T06:59:05.307000+00:00 Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-09-09T06:59:05.307000+00:00 CVE-2016-7177 2016-09-09T06:59:03.213000+00:00 epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2016-09-09T06:59:03.213000+00:00 CVE-2016-7175 2016-09-09T06:59:00.137000+00:00 epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-09-09T06:59:00.137000+00:00 CVE-2016-7176 2016-09-09T06:59:01.947000+00:00 epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. 2016-09-09T06:59:01.947000+00:00 CVE-2015-0561 2015-01-09T21:59:39.913000+00:00 asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. 2015-01-09T21:59:39.913000+00:00 CVE-2014-8710 2014-11-22T21:59:01.460000+00:00 The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. 2014-11-22T21:59:01.460000+00:00 CVE-2014-8711 2014-11-22T21:59:02.807000+00:00 Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. 2014-11-22T21:59:02.807000+00:00 CVE-2014-8712 2014-11-22T21:59:03.993000+00:00 The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-11-22T21:59:03.993000+00:00 CVE-2014-8713 2014-11-22T21:59:05.007000+00:00 Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-11-22T21:59:05.007000+00:00 CVE-2014-8714 2014-11-22T21:59:05.900000+00:00 The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2014-11-22T21:59:05.900000+00:00 CVE-2015-0562 2015-01-09T21:59:40.757000+00:00 Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. 2015-01-09T21:59:40.757000+00:00 CVE-2015-0563 2015-01-09T21:59:41.553000+00:00 epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-01-09T21:59:41.553000+00:00 CVE-2015-0564 2015-01-09T21:59:42.397000+00:00 Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. 2015-01-09T21:59:42.397000+00:00 CVE-2015-2187 2015-03-07T21:59:01.637000+00:00 The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. 2015-03-07T21:59:01.637000+00:00 CVE-2015-2188 2015-03-07T21:59:02.870000+00:00 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. 2015-03-07T21:59:02.870000+00:00 CVE-2015-2189 2015-03-07T21:59:03.870000+00:00 Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. 2015-03-07T21:59:03.870000+00:00 CVE-2015-2190 2015-03-07T21:59:04.870000+00:00 epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. 2015-03-07T21:59:04.870000+00:00 CVE-2015-2191 2015-03-07T21:59:05.777000+00:00 Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. 2015-03-07T21:59:05.777000+00:00 CVE-2015-2192 2015-03-07T21:59:06.760000+00:00 Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. 2015-03-07T21:59:06.760000+00:00 CVE-2015-3808 2015-05-26T11:59:01.760000+00:00 The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-05-26T11:59:01.760000+00:00 CVE-2015-3906 2015-05-26T11:59:12.323000+00:00 The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted message in a packet, a different vulnerability than CVE-2015-3815. 2015-05-26T11:59:12.323000+00:00 CVE-2016-5350 2016-08-07T12:59:01.643000+00:00 epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-07T12:59:01.643000+00:00 CVE-2016-5351 2016-08-07T12:59:03.157000+00:00 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T12:59:03.157000+00:00 CVE-2016-5352 2016-08-07T12:59:04.657000+00:00 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T12:59:04.657000+00:00 CVE-2016-5353 2016-08-07T12:59:06.113000+00:00 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T12:59:06.113000+00:00 CVE-2016-5354 2016-08-07T12:59:08.190000+00:00 The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T12:59:08.190000+00:00 CVE-2016-5355 2016-08-07T12:59:09.503000+00:00 wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2016-08-07T12:59:09.503000+00:00 CVE-2019-9208 2019-02-27T23:29:00.247000+00:00 In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. 2019-02-27T23:29:00.247000+00:00 CVE-2016-5356 2016-08-07T12:59:10.830000+00:00 wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2016-08-07T12:59:10.830000+00:00 CVE-2016-5357 2016-08-07T12:59:12.127000+00:00 wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2016-08-07T12:59:12.127000+00:00 CVE-2016-5358 2016-08-07T12:59:13.270000+00:00 epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-07T12:59:13.270000+00:00 CVE-2016-5359 2016-08-07T12:59:14.550000+00:00 epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. 2016-08-07T12:59:14.550000+00:00 CVE-2016-6503 2016-08-06T19:59:00.150000+00:00 The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06T19:59:00.150000+00:00 CVE-2016-6504 2016-08-06T19:59:01.477000+00:00 epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2016-08-06T19:59:01.477000+00:00 CVE-2016-6505 2016-08-06T19:59:02.633000+00:00 epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. 2016-08-06T19:59:02.633000+00:00 CVE-2016-6506 2016-08-06T19:59:04.087000+00:00 epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-06T19:59:04.087000+00:00 CVE-2016-6507 2016-08-06T19:59:05.447000+00:00 epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-08-06T19:59:05.447000+00:00 CVE-2016-6508 2016-08-06T19:59:06.620000+00:00 epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. 2016-08-06T19:59:06.620000+00:00 CVE-2016-6509 2016-08-06T19:59:07.947000+00:00 epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06T19:59:07.947000+00:00 CVE-2016-6510 2016-08-06T19:59:09.353000+00:00 Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-08-06T19:59:09.353000+00:00 CVE-2016-6511 2016-08-06T19:59:10.933000+00:00 epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. 2016-08-06T19:59:10.933000+00:00 CVE-2016-6512 2016-08-06T19:59:12.337000+00:00 epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. 2016-08-06T19:59:12.337000+00:00 CVE-2016-6513 2016-08-06T19:59:13.557000+00:00 epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-08-06T19:59:13.557000+00:00 CVE-2016-9372 2016-11-17T00:59:00.163000+00:00 In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. 2016-11-17T00:59:00.163000+00:00 CVE-2015-3182 2016-01-04T00:59:00.153000+00:00 epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:00.153000+00:00 CVE-2016-2521 2016-02-27T23:59:00.120000+00:00 Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary. 2016-02-27T23:59:00.120000+00:00 CVE-2016-2522 2016-02-27T23:59:01.087000+00:00 The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-02-27T23:59:01.087000+00:00 CVE-2016-2523 2016-02-27T23:59:02.103000+00:00 The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-02-27T23:59:02.103000+00:00 CVE-2016-2524 2016-02-27T23:59:03.073000+00:00 epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-02-27T23:59:03.073000+00:00 CVE-2016-2525 2016-02-27T23:59:04.043000+00:00 epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. 2016-02-27T23:59:04.043000+00:00 CVE-2016-2526 2016-02-27T23:59:05.027000+00:00 epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-02-27T23:59:05.027000+00:00 CVE-2016-2527 2016-02-27T23:59:06.027000+00:00 wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. 2016-02-27T23:59:06.027000+00:00 CVE-2016-2528 2016-02-27T23:59:06.950000+00:00 The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-02-27T23:59:06.950000+00:00 CVE-2016-2529 2016-02-27T23:59:07.963000+00:00 The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. 2016-02-27T23:59:07.963000+00:00 CVE-2016-2530 2016-02-27T23:59:08.917000+00:00 The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. 2016-02-27T23:59:08.917000+00:00 CVE-2016-2531 2016-02-27T23:59:09.887000+00:00 Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. 2016-02-27T23:59:09.887000+00:00 CVE-2016-2532 2016-02-27T23:59:10.887000+00:00 The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. 2016-02-27T23:59:10.887000+00:00 CVE-2016-4006 2016-04-25T06:59:00.117000+00:00 epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet. 2016-04-25T06:59:00.117000+00:00 CVE-2016-4076 2016-04-25T06:59:01.270000+00:00 epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-25T06:59:01.270000+00:00 CVE-2016-4077 2016-04-25T06:59:02.490000+00:00 epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. 2016-04-25T06:59:02.490000+00:00 CVE-2016-4078 2016-04-25T06:59:03.490000+00:00 The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c. 2016-04-25T06:59:03.490000+00:00 CVE-2016-4079 2016-04-25T06:59:04.473000+00:00 epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. 2016-04-25T06:59:04.473000+00:00 CVE-2016-4080 2016-04-25T06:59:05.397000+00:00 epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-04-25T06:59:05.397000+00:00 CVE-2016-4081 2016-04-25T06:59:06.350000+00:00 epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-04-25T06:59:06.350000+00:00 CVE-2016-4082 2016-04-25T06:59:07.443000+00:00 epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. 2016-04-25T06:59:07.443000+00:00 CVE-2016-4083 2016-04-25T06:59:08.397000+00:00 epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-04-25T06:59:08.397000+00:00 CVE-2016-4084 2016-04-25T06:59:09.397000+00:00 Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. 2016-04-25T06:59:09.397000+00:00 CVE-2016-4085 2016-04-25T06:59:10.380000+00:00 Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. 2016-04-25T06:59:10.380000+00:00 CVE-2016-4417 2016-04-30T21:59:03.503000+00:00 Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value. 2016-04-30T21:59:03.503000+00:00 CVE-2016-4418 2016-04-30T21:59:04.503000+00:00 epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set. 2016-04-30T21:59:04.503000+00:00 CVE-2016-4421 2016-04-30T21:59:07.830000+00:00 epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. 2016-04-30T21:59:07.830000+00:00 CVE-2015-7830 2015-11-14T22:59:01.970000+00:00 The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. 2015-11-14T22:59:01.970000+00:00 CVE-2015-8711 2016-01-04T00:59:01.420000+00:00 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2016-01-04T00:59:01.420000+00:00 CVE-2015-8712 2016-01-04T00:59:02.513000+00:00 The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:02.513000+00:00 CVE-2015-8713 2016-01-04T00:59:03.530000+00:00 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. 2016-01-04T00:59:03.530000+00:00 CVE-2015-8714 2016-01-04T00:59:04.497000+00:00 The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:04.497000+00:00 CVE-2015-8715 2016-01-04T00:59:05.373000+00:00 epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2016-01-04T00:59:05.373000+00:00 CVE-2015-8716 2016-01-04T00:59:06.483000+00:00 The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:06.483000+00:00 CVE-2015-8717 2016-01-04T00:59:07.437000+00:00 The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:07.437000+00:00 CVE-2015-8718 2016-01-04T00:59:08.843000+00:00 Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:08.843000+00:00 CVE-2015-8719 2016-01-04T00:59:09.920000+00:00 The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:09.920000+00:00 CVE-2015-8720 2016-01-04T00:59:10.813000+00:00 The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:10.813000+00:00 CVE-2015-8721 2016-01-04T00:59:11.780000+00:00 Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. 2016-01-04T00:59:11.780000+00:00 CVE-2015-8722 2016-01-04T00:59:12.750000+00:00 epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. 2016-01-04T00:59:12.750000+00:00 CVE-2015-8723 2016-01-04T00:59:13.877000+00:00 The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-01-04T00:59:13.877000+00:00 CVE-2015-8724 2016-01-04T00:59:14.860000+00:00 The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-01-04T00:59:14.860000+00:00 CVE-2015-8725 2016-01-04T00:59:15.843000+00:00 The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-01-04T00:59:15.843000+00:00 CVE-2015-8726 2016-01-04T00:59:16.813000+00:00 wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. 2016-01-04T00:59:16.813000+00:00 CVE-2015-8727 2016-01-04T00:59:18.080000+00:00 The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. 2016-01-04T00:59:18.080000+00:00 CVE-2015-8728 2016-01-04T00:59:19.047000+00:00 The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. 2016-01-04T00:59:19.047000+00:00 CVE-2015-8729 2016-01-04T00:59:20.003000+00:00 The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. 2016-01-04T00:59:20.003000+00:00 CVE-2015-8730 2016-01-04T00:59:21.050000+00:00 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. 2016-01-04T00:59:21.050000+00:00 CVE-2015-8731 2016-01-04T00:59:21.957000+00:00 The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-01-04T00:59:21.957000+00:00 CVE-2015-8732 2016-01-04T00:59:22.923000+00:00 The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. 2016-01-04T00:59:22.923000+00:00 CVE-2015-8733 2016-01-04T00:59:23.863000+00:00 The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. 2016-01-04T00:59:23.863000+00:00 CVE-2015-8734 2016-01-04T00:59:24.783000+00:00 The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:24.783000+00:00 CVE-2015-8735 2016-01-04T00:59:25.783000+00:00 The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet. 2016-01-04T00:59:25.783000+00:00 CVE-2015-8736 2016-01-04T00:59:26.817000+00:00 The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. 2016-01-04T00:59:26.817000+00:00 CVE-2015-8737 2016-01-04T00:59:28.033000+00:00 The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. 2016-01-04T00:59:28.033000+00:00 CVE-2015-8738 2016-01-04T00:59:29.020000+00:00 The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. 2016-01-04T00:59:29.020000+00:00 CVE-2015-8739 2016-01-04T00:59:29.973000+00:00 The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. 2016-01-04T00:59:29.973000+00:00 CVE-2015-8740 2016-01-04T00:59:30.893000+00:00 The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. 2016-01-04T00:59:30.893000+00:00 CVE-2015-8741 2016-01-04T00:59:31.863000+00:00 The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2016-01-04T00:59:31.863000+00:00 CVE-2015-8742 2016-01-04T00:59:32.927000+00:00 The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. 2016-01-04T00:59:32.927000+00:00 CVE-2015-4651 2015-07-21T21:59:03.157000+00:00 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-07-21T21:59:03.157000+00:00 CVE-2015-4652 2015-07-21T21:59:04.967000+00:00 epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. 2015-07-21T21:59:04.967000+00:00 CVE-2015-6241 2015-08-24T19:59:00.130000+00:00 The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T19:59:00.130000+00:00 CVE-2015-6242 2015-08-24T19:59:01.960000+00:00 The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. 2015-08-24T19:59:01.960000+00:00 CVE-2015-6243 2015-08-24T19:59:03.117000+00:00 The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. 2015-08-24T19:59:03.117000+00:00 CVE-2015-6244 2015-08-24T19:59:04.367000+00:00 The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T19:59:04.367000+00:00 CVE-2015-6245 2015-08-24T19:59:05.397000+00:00 epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-08-24T19:59:05.397000+00:00 CVE-2015-6246 2015-08-24T19:59:06.443000+00:00 The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T19:59:06.443000+00:00 CVE-2015-6247 2015-08-24T19:59:07.413000+00:00 The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-08-24T19:59:07.413000+00:00 CVE-2015-6248 2015-08-24T19:59:08.443000+00:00 The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T19:59:08.443000+00:00 CVE-2015-6249 2015-08-24T19:59:09.520000+00:00 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-08-24T19:59:09.520000+00:00 CVE-2013-4081 2013-06-09T17:55:01.617000+00:00 The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. 2013-06-09T17:55:01.617000+00:00 CVE-2015-3809 2015-05-26T11:59:02.900000+00:00 The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-05-26T11:59:02.900000+00:00 CVE-2015-3810 2015-05-26T11:59:04.057000+00:00 epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. 2015-05-26T11:59:04.057000+00:00 CVE-2015-3811 2015-05-26T11:59:05.027000+00:00 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. 2015-05-26T11:59:05.027000+00:00 CVE-2015-3812 2015-05-26T11:59:06.010000+00:00 Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. 2015-05-26T11:59:06.010000+00:00 CVE-2015-3813 2015-05-26T11:59:07.307000+00:00 The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. 2015-05-26T11:59:07.307000+00:00 CVE-2015-3814 2015-05-26T11:59:08.167000+00:00 The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. 2015-05-26T11:59:08.167000+00:00 CVE-2015-3815 2015-05-26T11:59:09.150000+00:00 The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906. 2015-05-26T11:59:09.150000+00:00 CVE-2014-5161 2014-08-01T07:13:10.163000+00:00 The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. 2014-08-01T07:13:10.163000+00:00 CVE-2014-5162 2014-08-01T07:13:10.210000+00:00 The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. 2014-08-01T07:13:10.210000+00:00 CVE-2014-5163 2014-08-01T07:13:10.290000+00:00 The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-08-01T07:13:10.290000+00:00 CVE-2014-5164 2014-08-01T07:13:10.337000+00:00 The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2014-08-01T07:13:10.337000+00:00 CVE-2014-5165 2014-08-01T07:13:10.383000+00:00 The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. 2014-08-01T07:13:10.383000+00:00 CVE-2016-9373 2016-11-17T00:59:01.757000+00:00 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. 2016-11-17T00:59:01.757000+00:00 CVE-2016-9374 2016-11-17T00:59:03.180000+00:00 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. 2016-11-17T00:59:03.180000+00:00 CVE-2016-9376 2016-11-17T00:59:05.210000+00:00 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. 2016-11-17T00:59:05.210000+00:00 CVE-2016-9375 2016-11-17T00:59:04.070000+00:00 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. 2016-11-17T00:59:04.070000+00:00 CVE-2017-5596 2017-01-25T16:59:00.137000+00:00 In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. 2017-01-25T16:59:00.137000+00:00 CVE-2017-5597 2017-01-25T16:59:00.183000+00:00 In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. 2017-01-25T16:59:00.183000+00:00 CVE-2017-6014 2017-02-17T02:59:00.967000+00:00 In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. 2017-02-17T02:59:00.967000+00:00 CVE-2017-6467 2017-03-03T22:59:00.163000+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. 2017-03-03T22:59:00.163000+00:00 CVE-2017-6468 2017-03-03T22:59:00.210000+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. 2017-03-03T22:59:00.210000+00:00 CVE-2017-6469 2017-03-03T22:59:00.240000+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. 2017-03-03T22:59:00.240000+00:00 CVE-2017-6470 2017-03-03T22:59:00.270000+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. 2017-03-03T22:59:00.270000+00:00 CVE-2017-6471 2017-03-03T22:59:00.317000+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. 2017-03-03T22:59:00.317000+00:00 CVE-2017-6472 2017-03-03T22:59:00.350000+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. 2017-03-03T22:59:00.350000+00:00 CVE-2017-6473 2017-03-03T22:59:00.397000+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. 2017-03-03T22:59:00.397000+00:00 CVE-2017-6474 2017-03-03T22:59:00.427000+00:00 In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. 2017-03-03T22:59:00.427000+00:00 CVE-2016-7958 2017-04-12T06:59:00.307000+00:00 In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. 2017-04-12T06:59:00.307000+00:00 CVE-2016-7957 2017-04-12T06:59:00.260000+00:00 In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. 2017-04-12T06:59:00.260000+00:00 CVE-2017-7700 2017-04-12T19:59:00.153000+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. 2017-04-12T19:59:00.153000+00:00 CVE-2017-7701 2017-04-12T19:59:00.200000+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. 2017-04-12T19:59:00.200000+00:00 CVE-2017-7702 2017-04-12T19:59:00.230000+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. 2017-04-12T19:59:00.230000+00:00 CVE-2017-7703 2017-04-12T19:59:00.260000+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. 2017-04-12T19:59:00.260000+00:00 CVE-2017-7704 2017-04-12T19:59:00.307000+00:00 In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. 2017-04-12T19:59:00.307000+00:00 CVE-2017-7705 2017-04-12T19:59:00.357000+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. 2017-04-12T19:59:00.357000+00:00 CVE-2017-7745 2017-04-12T19:59:00.387000+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. 2017-04-12T19:59:00.387000+00:00 CVE-2017-7746 2017-04-12T19:59:00.417000+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. 2017-04-12T19:59:00.417000+00:00 CVE-2017-7747 2017-04-12T19:59:00.450000+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. 2017-04-12T19:59:00.450000+00:00 CVE-2017-7748 2017-04-12T19:59:00.497000+00:00 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. 2017-04-12T19:59:00.497000+00:00 CVE-2017-9343 2017-06-02T01:29:00.217000+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. 2017-06-02T01:29:00.217000+00:00 CVE-2017-9344 2017-06-02T01:29:00.277000+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. 2017-06-02T01:29:00.277000+00:00 CVE-2017-9345 2017-06-02T01:29:00.310000+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. 2017-06-02T01:29:00.310000+00:00 CVE-2017-9346 2017-06-02T01:29:00.357000+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. 2017-06-02T01:29:00.357000+00:00 CVE-2017-9347 2017-06-02T01:29:00.387000+00:00 In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. 2017-06-02T01:29:00.387000+00:00 CVE-2017-9348 2017-06-02T01:29:00.433000+00:00 In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. 2017-06-02T01:29:00.433000+00:00 CVE-2017-9349 2017-06-02T01:29:00.467000+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. 2017-06-02T01:29:00.467000+00:00 CVE-2017-9350 2017-06-02T01:29:00.497000+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. 2017-06-02T01:29:00.497000+00:00 CVE-2017-9351 2017-06-02T01:29:00.543000+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. 2017-06-02T01:29:00.543000+00:00 CVE-2017-9352 2017-06-02T01:29:00.573000+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. 2017-06-02T01:29:00.573000+00:00 CVE-2017-9353 2017-06-02T01:29:00.620000+00:00 In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. 2017-06-02T01:29:00.620000+00:00 CVE-2017-9354 2017-06-02T01:29:00.667000+00:00 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. 2017-06-02T01:29:00.667000+00:00 CVE-2017-9616 2017-06-14T16:29:00.173000+00:00 In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. 2017-06-14T16:29:00.173000+00:00 CVE-2017-9617 2017-06-14T16:29:00.203000+00:00 In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. 2017-06-14T16:29:00.203000+00:00 CVE-2017-9766 2017-06-21T03:29:00.303000+00:00 In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. 2017-06-21T03:29:00.303000+00:00 CVE-2017-11406 2017-07-18T17:29:00.250000+00:00 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. 2017-07-18T17:29:00.250000+00:00 CVE-2017-11407 2017-07-18T17:29:00.297000+00:00 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. 2017-07-18T17:29:00.297000+00:00 CVE-2017-11408 2017-07-18T17:29:00.327000+00:00 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. 2017-07-18T17:29:00.327000+00:00 CVE-2017-11409 2017-07-18T17:29:00.377000+00:00 In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. 2017-07-18T17:29:00.377000+00:00 CVE-2017-11410 2017-07-18T17:29:00.407000+00:00 In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. 2017-07-18T17:29:00.407000+00:00 CVE-2017-11411 2017-07-18T17:29:00.437000+00:00 In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. 2017-07-18T17:29:00.437000+00:00 CVE-2017-13764 2017-08-30T05:29:00.417000+00:00 In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. 2017-08-30T05:29:00.417000+00:00 CVE-2017-13765 2017-08-30T05:29:00.450000+00:00 In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. 2017-08-30T05:29:00.450000+00:00 CVE-2017-13766 2017-08-30T05:29:00.497000+00:00 In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. 2017-08-30T05:29:00.497000+00:00 CVE-2017-13767 2017-08-30T05:29:00.527000+00:00 In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. 2017-08-30T05:29:00.527000+00:00 CVE-2017-15189 2017-10-10T17:29:00.273000+00:00 In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. 2017-10-10T17:29:00.273000+00:00 CVE-2017-15190 2017-10-10T17:29:00.353000+00:00 In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. 2017-10-10T17:29:00.353000+00:00 CVE-2017-15191 2017-10-10T17:29:00.400000+00:00 In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. 2017-10-10T17:29:00.400000+00:00 CVE-2017-15192 2017-10-10T17:29:00.460000+00:00 In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. 2017-10-10T17:29:00.460000+00:00 CVE-2017-15193 2017-10-10T17:29:00.493000+00:00 In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. 2017-10-10T17:29:00.493000+00:00 CVE-2017-17083 2017-12-01T03:29:00.497000+00:00 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. 2017-12-01T03:29:00.497000+00:00 CVE-2017-17084 2017-12-01T03:29:00.543000+00:00 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. 2017-12-01T03:29:00.543000+00:00 CVE-2017-17085 2017-12-01T03:29:00.577000+00:00 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. 2017-12-01T03:29:00.577000+00:00 CVE-2017-17935 2017-12-27T12:08:22.953000+00:00 The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. 2017-12-27T12:08:22.953000+00:00 CVE-2017-17997 2017-12-30T02:29:00.537000+00:00 In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. 2017-12-30T02:29:00.537000+00:00 CVE-2018-5334 2018-01-11T16:29:00.207000+00:00 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. 2018-01-11T16:29:00.207000+00:00 CVE-2018-5335 2018-01-11T16:29:00.253000+00:00 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. 2018-01-11T16:29:00.253000+00:00 CVE-2018-5336 2018-01-11T16:29:00.300000+00:00 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. 2018-01-11T16:29:00.300000+00:00 CVE-2018-6836 2018-02-08T02:29:01.197000+00:00 The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2018-02-08T02:29:01.197000+00:00 CVE-2018-7320 2018-02-23T17:29:00.263000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. 2018-02-23T17:29:00.263000+00:00 CVE-2018-7321 2018-02-23T17:29:00.357000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. 2018-02-23T17:29:00.357000+00:00 CVE-2018-7322 2018-02-23T17:29:00.403000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. 2018-02-23T17:29:00.403000+00:00 CVE-2018-7323 2018-02-23T17:29:00.467000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. 2018-02-23T17:29:00.467000+00:00 CVE-2018-7324 2018-02-23T17:29:00.607000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. 2018-02-23T17:29:00.607000+00:00 CVE-2018-7325 2018-02-23T17:29:00.700000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. 2018-02-23T17:29:00.700000+00:00 CVE-2018-7326 2018-02-23T17:29:00.763000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. 2018-02-23T17:29:00.763000+00:00 CVE-2018-7327 2018-02-23T17:29:00.827000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. 2018-02-23T17:29:00.827000+00:00 CVE-2018-7328 2018-02-23T17:29:00.887000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. 2018-02-23T17:29:00.887000+00:00 CVE-2018-7329 2018-02-23T17:29:00.950000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. 2018-02-23T17:29:00.950000+00:00 CVE-2018-7330 2018-02-23T17:29:01.013000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. 2018-02-23T17:29:01.013000+00:00 CVE-2018-7331 2018-02-23T17:29:01.077000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. 2018-02-23T17:29:01.077000+00:00 CVE-2018-7332 2018-02-23T17:29:01.137000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. 2018-02-23T17:29:01.137000+00:00 CVE-2018-7333 2018-02-23T17:29:01.200000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. 2018-02-23T17:29:01.200000+00:00 CVE-2018-7334 2018-02-23T17:29:01.280000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. 2018-02-23T17:29:01.280000+00:00 CVE-2018-7335 2018-02-23T17:29:01.343000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. 2018-02-23T17:29:01.343000+00:00 CVE-2018-7336 2018-02-23T17:29:01.403000+00:00 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. 2018-02-23T17:29:01.403000+00:00 CVE-2018-7337 2018-02-23T17:29:01.467000+00:00 In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. 2018-02-23T17:29:01.467000+00:00 CVE-2018-7417 2018-02-23T17:29:01.513000+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. 2018-02-23T17:29:01.513000+00:00 CVE-2018-7418 2018-02-23T17:29:01.577000+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. 2018-02-23T17:29:01.577000+00:00 CVE-2018-7419 2018-02-23T17:29:01.653000+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. 2018-02-23T17:29:01.653000+00:00 CVE-2018-7420 2018-02-23T17:29:01.717000+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. 2018-02-23T17:29:01.717000+00:00 CVE-2018-7421 2018-02-23T17:29:01.763000+00:00 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. 2018-02-23T17:29:01.763000+00:00 CVE-2018-9256 2018-04-04T03:29:00.440000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. 2018-04-04T03:29:00.440000+00:00 CVE-2018-9257 2018-04-04T03:29:00.503000+00:00 In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. 2018-04-04T03:29:00.503000+00:00 CVE-2018-9258 2018-04-04T03:29:00.567000+00:00 In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. 2018-04-04T03:29:00.567000+00:00 CVE-2018-9259 2018-04-04T03:29:00.627000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. 2018-04-04T03:29:00.627000+00:00 CVE-2018-9260 2018-04-04T03:29:00.707000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. 2018-04-04T03:29:00.707000+00:00 CVE-2018-9261 2018-04-04T03:29:00.767000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. 2018-04-04T03:29:00.767000+00:00 CVE-2018-9262 2018-04-04T03:29:00.830000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. 2018-04-04T03:29:00.830000+00:00 CVE-2018-9263 2018-04-04T03:29:00.893000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. 2018-04-04T03:29:00.893000+00:00 CVE-2018-9264 2018-04-04T03:29:00.957000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. 2018-04-04T03:29:00.957000+00:00 CVE-2018-9265 2018-04-04T03:29:01.017000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. 2018-04-04T03:29:01.017000+00:00 CVE-2018-9266 2018-04-04T03:29:01.080000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. 2018-04-04T03:29:01.080000+00:00 CVE-2018-9267 2018-04-04T03:29:01.143000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. 2018-04-04T03:29:01.143000+00:00 CVE-2018-9268 2018-04-04T03:29:01.207000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. 2018-04-04T03:29:01.207000+00:00 CVE-2018-9269 2018-04-04T03:29:01.267000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. 2018-04-04T03:29:01.267000+00:00 CVE-2018-9270 2018-04-04T03:29:01.347000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. 2018-04-04T03:29:01.347000+00:00 CVE-2018-9271 2018-04-04T03:29:01.410000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. 2018-04-04T03:29:01.410000+00:00 CVE-2018-9272 2018-04-04T03:29:01.470000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. 2018-04-04T03:29:01.470000+00:00 CVE-2018-9273 2018-04-04T03:29:01.533000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. 2018-04-04T03:29:01.533000+00:00 CVE-2018-9274 2018-04-04T03:29:01.597000+00:00 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. 2018-04-04T03:29:01.597000+00:00 CVE-2018-11354 2018-05-22T17:29:00.207000+00:00 In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. 2018-05-22T17:29:00.207000+00:00 CVE-2018-11355 2018-05-22T17:29:00.253000+00:00 In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. 2018-05-22T17:29:00.253000+00:00 CVE-2018-11356 2018-05-22T17:29:00.300000+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. 2018-05-22T17:29:00.300000+00:00 CVE-2018-11357 2018-05-22T17:29:00.347000+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. 2018-05-22T17:29:00.347000+00:00 CVE-2018-11358 2018-05-22T17:29:00.393000+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. 2018-05-22T17:29:00.393000+00:00 CVE-2018-11359 2018-05-22T17:29:00.440000+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. 2018-05-22T17:29:00.440000+00:00 CVE-2018-11360 2018-05-22T17:29:00.487000+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. 2018-05-22T17:29:00.487000+00:00 CVE-2018-11361 2018-05-22T17:29:00.533000+00:00 In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. 2018-05-22T17:29:00.533000+00:00 CVE-2018-11362 2018-05-22T17:29:00.580000+00:00 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. 2018-05-22T17:29:00.580000+00:00 CVE-2018-14339 2018-07-18T22:29:00.203000+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. 2018-07-18T22:29:00.203000+00:00 CVE-2018-14340 2018-07-18T22:29:00.267000+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. 2018-07-18T22:29:00.267000+00:00 CVE-2018-14341 2018-07-18T22:29:00.330000+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. 2018-07-18T22:29:00.330000+00:00 CVE-2018-14342 2018-07-18T22:29:00.377000+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. 2018-07-18T22:29:00.377000+00:00 CVE-2018-14343 2018-07-18T22:29:00.437000+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. 2018-07-18T22:29:00.437000+00:00 CVE-2018-14344 2018-07-18T22:29:00.487000+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. 2018-07-18T22:29:00.487000+00:00 CVE-2018-14367 2018-07-18T22:29:00.563000+00:00 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. 2018-07-18T22:29:00.563000+00:00 CVE-2018-14368 2018-07-18T22:29:00.627000+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. 2018-07-18T22:29:00.627000+00:00 CVE-2018-14369 2018-07-18T22:29:00.687000+00:00 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. 2018-07-18T22:29:00.687000+00:00 CVE-2018-14370 2018-07-18T22:29:00.737000+00:00 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. 2018-07-18T22:29:00.737000+00:00 CVE-2018-14438 2018-07-19T20:29:00.457000+00:00 In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. 2018-07-19T20:29:00.457000+00:00