Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
WiresharkWireshark2.0.2

55 matches found

CVE
CVEadded 2017/08/30 9:29 a.m.381 views

CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.

7.5CVSS7.2AI score0.00475EPSS
CVE
CVEadded 2017/07/18 9:29 p.m.112 views

CVE-2017-11408

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.

7.5CVSS7.2AI score0.00641EPSS
CVE
CVEadded 2016/08/06 11:59 p.m.104 views

CVE-2016-6506

epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

5.9CVSS5.5AI score0.00172EPSS
CVE
CVEadded 2017/04/12 11:59 p.m.102 views

CVE-2017-7703

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.

7.5CVSS7.4AI score0.00915EPSS
CVE
CVEadded 2017/04/12 11:59 p.m.94 views

CVE-2017-7701

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.

7.8CVSS7.4AI score0.0053EPSS
CVE
CVEadded 2017/04/12 11:59 p.m.94 views

CVE-2017-7702

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.

7.8CVSS7.4AI score0.00533EPSS
CVE
CVEadded 2017/08/30 9:29 a.m.93 views

CVE-2017-13767

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.

7.8CVSS7.2AI score0.00325EPSS
CVE
CVEadded 2016/08/06 11:59 p.m.92 views

CVE-2016-6505

epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.

5.9CVSS5.5AI score0.02278EPSS
Web
CVE
CVEadded 2016/08/06 11:59 p.m.92 views

CVE-2016-6510

Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

5.9CVSS5.8AI score0.00197EPSS
CVE
CVEadded 2017/01/25 9:59 p.m.92 views

CVE-2017-5596

In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.

7.5CVSS7.4AI score0.00558EPSS
CVE
CVEadded 2017/01/25 9:59 p.m.91 views

CVE-2017-5597

In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.

7.5CVSS7.4AI score0.00478EPSS
CVE
CVEadded 2016/08/06 11:59 p.m.90 views

CVE-2016-6508

epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.

5.9CVSS5.5AI score0.00184EPSS
CVE
CVEadded 2017/04/12 11:59 p.m.88 views

CVE-2017-7705

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.

7.8CVSS7.4AI score0.0053EPSS
CVE
CVEadded 2016/08/06 11:59 p.m.82 views

CVE-2016-6509

epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS5.5AI score0.00211EPSS
CVE
CVEadded 2016/11/17 5:59 a.m.81 views

CVE-2016-9373

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strin...

5.9CVSS5.6AI score0.01217EPSS
CVE
CVEadded 2016/08/06 11:59 p.m.78 views

CVE-2016-6512

epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.

5.9CVSS5.7AI score0.01894EPSS
CVE
CVEadded 2016/08/06 11:59 p.m.77 views

CVE-2016-6511

epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.

5.9CVSS5.5AI score0.00184EPSS
CVE
CVEadded 2016/08/07 4:59 p.m.76 views

CVE-2016-5350

epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

7.5CVSS7AI score0.00197EPSS
CVE
CVEadded 2016/11/17 5:59 a.m.76 views

CVE-2016-9375

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.

5.9CVSS5.6AI score0.01481EPSS
CVE
CVEadded 2016/08/07 4:59 p.m.75 views

CVE-2016-5357

wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

5.9CVSS6AI score0.00714EPSS
CVE
CVEadded 2017/04/12 11:59 p.m.75 views

CVE-2017-7747

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.

7.5CVSS7.4AI score0.02045EPSS
CVE
CVEadded 2016/04/25 10:59 a.m.74 views

CVE-2016-4082

epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.

5.9CVSS5.4AI score0.00228EPSS
CVE
CVEadded 2016/08/07 4:59 p.m.74 views

CVE-2016-5356

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

5.9CVSS6AI score0.00806EPSS
CVE
CVEadded 2016/08/06 11:59 p.m.73 views

CVE-2016-6513

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS5.6AI score0.00144EPSS
CVE
CVEadded 2016/09/09 10:59 a.m.72 views

CVE-2016-7178

epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.

5.9CVSS5.6AI score0.00309EPSS
CVE
CVEadded 2016/11/17 5:59 a.m.72 views

CVE-2016-9376

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.

5.9CVSS5.6AI score0.01481EPSS
CVE
CVEadded 2016/09/09 10:59 a.m.70 views

CVE-2016-7177

epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

5.9CVSS5.5AI score0.00309EPSS
CVE
CVEadded 2016/09/09 10:59 a.m.69 views

CVE-2016-7180

epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

5.9CVSS5.5AI score0.00309EPSS
CVE
CVEadded 2016/08/07 4:59 p.m.68 views

CVE-2016-5351

epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS6AI score0.00209EPSS
CVE
CVEadded 2016/11/17 5:59 a.m.68 views

CVE-2016-9374

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.

5.9CVSS5.8AI score0.01217EPSS
CVE
CVEadded 2016/04/25 10:59 a.m.66 views

CVE-2016-4006

epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.

5.9CVSS5.5AI score0.00197EPSS
CVE
CVEadded 2016/04/25 10:59 a.m.65 views

CVE-2016-4085

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.

5.9CVSS6.6AI score0.00652EPSS
CVE
CVEadded 2016/08/07 4:59 p.m.65 views

CVE-2016-5355

wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

5.9CVSS6AI score0.00919EPSS
CVE
CVEadded 2017/04/12 11:59 p.m.65 views

CVE-2017-7746

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.

7.5CVSS7.4AI score0.02045EPSS
CVE
CVEadded 2016/04/25 10:59 a.m.64 views

CVE-2016-4080

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

5.9CVSS5.3AI score0.00357EPSS
CVE
CVEadded 2016/08/06 11:59 p.m.64 views

CVE-2016-6507

epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

5.9CVSS5.5AI score0.00183EPSS
CVE
CVEadded 2016/09/09 10:59 a.m.64 views

CVE-2016-7176

epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.

5.9CVSS5.5AI score0.00309EPSS
CVE
CVEadded 2017/07/18 9:29 p.m.64 views

CVE-2017-11410

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this ...

7.8CVSS7.6AI score0.00533EPSS
CVE
CVEadded 2016/04/25 10:59 a.m.62 views

CVE-2016-4076

epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS5.4AI score0.00168EPSS
CVE
CVEadded 2016/08/07 4:59 p.m.62 views

CVE-2016-5353

epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS6AI score0.00209EPSS
CVE
CVEadded 2016/04/25 10:59 a.m.61 views

CVE-2016-4079

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

5.9CVSS5.4AI score0.00228EPSS
CVE
CVEadded 2016/08/07 4:59 p.m.61 views

CVE-2016-5354

The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS6AI score0.00214EPSS
CVE
CVEadded 2016/09/09 10:59 a.m.61 views

CVE-2016-7179

Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS5.7AI score0.0033EPSS
CVE
CVEadded 2017/04/12 11:59 p.m.58 views

CVE-2017-7748

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.

7.8CVSS7.4AI score0.00325EPSS
CVE
CVEadded 2016/04/25 10:59 a.m.57 views

CVE-2016-4083

epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS5.3AI score0.00216EPSS
CVE
CVEadded 2016/08/07 4:59 p.m.57 views

CVE-2016-5358

epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS6AI score0.00158EPSS
CVE
CVEadded 2017/07/18 9:29 p.m.57 views

CVE-2017-11411

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.

7.8CVSS7.4AI score0.01259EPSS
CVE
CVEadded 2017/04/12 11:59 p.m.57 views

CVE-2017-7745

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.

7.8CVSS7.4AI score0.00325EPSS
CVE
CVEadded 2016/04/25 10:59 a.m.55 views

CVE-2016-4081

epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

5.9CVSS5.5AI score0.00366EPSS
CVE
CVEadded 2016/08/06 11:59 p.m.55 views

CVE-2016-6503

The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS5.7AI score0.02162EPSS
Total number of security vulnerabilities55