CVE-2026-6528

TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service...

MiracleLinux 4 : wireshark-1.8.10-4.AXS4 (AXSA:2014-031:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-031:01 advisory. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for...

EUVD-2018-19061

Malware in sbrugna...

PT-2024-17126

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.2.0 through 4.2.8 Wireshark versions 4.4.0 through 4.4.1 Description The issue allows for denial of service via packet injection or crafted capture file. It is related to the ECMP dissector crash in Wireshark...

OESA-2023-1373 wireshark security update

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

PT-2023-3227 · Wireshark +4 · Wireshark +4

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.12 Wireshark versions 4.0.0 through 4.0.4 Description: The issue is related to the RPCoRDMA dissector in Wireshark, which can lead to a denial of service via packet injection or crafted capture file. This...

SUSE CVE-2017-7704

In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value...

PT-2023-16253 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.10 Wireshark versions 4.0.0 through 4.0.2 Description: The issue is related to a crash in the iSCSI dissector and allows for denial of service via packet injection or crafted capture file. Recommendations:...

PT-2020-6562 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.2.0 through 3.2.8 Wireshark version 3.4.0 Description: A flaw in the USB HID protocol dissector and possibly other dissectors in Wireshark allows a Denial of Service via packet injection or a crafted capture file. The...

SUSE-SU-2018:1988-1 Security update for wireshark

This update for wireshark fixes vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files bsc1094301. This includes: - CVE-2018-11356: DNS dissector cras...

CVE-2015-8740

The dissecttds7colmetadatatoken function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash via a crafted packet...

CVE-2015-8717

The dissectsdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service application crash via a crafted packet...

CVE-2015-0561

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service out-of-bounds memory access and application crash via a crafted packet...

MGASA-2013-0281 Updated wireshark package fixes security vulnerabilities

The ASSA R3 dissector could go into an infinite loop CVE-2013-5719. The RTPS dissector could overflow a buffer CVE-2013-5720. The MQ dissector could crash CVE-2013-5721. The LDAP dissector could crash CVE-2013-5722. The Netmon file parser could crash wpna-sec-2013-60...

DEBIAN-CVE-2013-4920

The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service application crash via a crafted packet...