Max CVSS 7.8 Min CVSS 4.3 Total Count 59
ID CVSS CVSS3 Summary Last (major) update Published
CVE-2019-10895 5.0 7.5
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
2021-07-21 - 11:39 2019-04-09 - 04:29
CVE-2019-10899 5.0 7.5
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
2021-07-21 - 11:39 2019-04-09 - 04:29
CVE-2019-9209 5.0 7.5
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
2021-07-21 - 11:39 2019-02-28 - 04:29
CVE-2020-7044 5.0 7.5
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
2021-07-21 - 11:39 2020-01-16 - 04:15
CVE-2020-9428 5.0 7.5
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
2021-07-21 - 11:39 2020-02-27 - 23:15
CVE-2020-9431 5.0 7.5
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
2021-07-21 - 11:39 2020-02-27 - 23:15
CVE-2019-16319 7.8 7.5
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
2021-02-11 - 14:16 2019-09-15 - 16:15
CVE-2019-13619 5.0 7.5
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
2021-02-10 - 20:37 2019-07-17 - 20:15
CVE-2019-19553 5.0 7.5
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
2021-02-10 - 20:07 2019-12-05 - 01:15
CVE-2020-9430 5.0 7.5
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
2021-02-09 - 18:47 2020-02-27 - 23:15
CVE-2019-10894 5.0 7.5
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
2020-11-02 - 21:15 2019-04-09 - 04:29
CVE-2019-10896 5.0 7.5
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
2020-11-02 - 21:15 2019-04-09 - 04:29
CVE-2019-10901 5.0 7.5
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
2020-11-02 - 21:15 2019-04-09 - 04:29
CVE-2019-10903 5.0 7.5
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
2020-11-02 - 21:15 2019-04-09 - 04:29
CVE-2018-16057 5.0 7.5
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
2020-10-15 - 16:13 2018-08-30 - 01:29
CVE-2018-18225 5.0 7.5
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
2020-10-15 - 16:13 2018-10-12 - 06:29
CVE-2018-12086 5.0 7.5
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
2020-08-24 - 17:37 2018-09-14 - 21:29
CVE-2018-16056 5.0 7.5
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.
2020-08-24 - 17:37 2018-08-30 - 01:29
CVE-2018-16058 5.0 7.5
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
2020-08-24 - 17:37 2018-08-30 - 01:29
CVE-2018-19626 4.3 5.5
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.
2020-08-24 - 17:37 2018-11-29 - 04:29
CVE-2019-10897 5.0 7.5
In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.
2020-08-24 - 17:37 2019-04-09 - 04:29
CVE-2019-10898 5.0 7.5
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
2020-08-24 - 17:37 2019-04-09 - 04:29
CVE-2019-10900 5.0 7.5
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
2020-08-24 - 17:37 2019-04-09 - 04:29
CVE-2019-10902 5.0 7.5
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
2020-08-24 - 17:37 2019-04-09 - 04:29
CVE-2019-5719 4.3 5.5
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.
2020-08-24 - 17:37 2019-01-08 - 23:29
CVE-2020-9429 5.0 7.5
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
2020-07-27 - 02:15 2020-02-27 - 23:15
CVE-2018-11354 5.0 7.5
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
2020-03-20 - 01:15 2018-05-22 - 21:29
CVE-2018-11355 5.0 7.5
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
2020-03-20 - 01:15 2018-05-22 - 21:29
CVE-2018-11356 5.0 7.5
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
2020-03-20 - 01:15 2018-05-22 - 21:29
CVE-2018-11357 5.0 7.5
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
2020-03-20 - 01:15 2018-05-22 - 21:29
CVE-2018-11358 5.0 7.5
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
2020-03-20 - 01:15 2018-05-22 - 21:29
CVE-2018-11359 5.0 7.5
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.
2020-03-20 - 01:15 2018-05-22 - 21:29
CVE-2018-11360 5.0 7.5
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.
2020-03-20 - 01:15 2018-05-22 - 21:29
CVE-2018-11361 5.0 7.5
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.
2020-03-20 - 01:15 2018-05-22 - 21:29
CVE-2018-11362 5.0 7.5
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
2020-03-20 - 01:15 2018-05-22 - 21:29
CVE-2018-14339 5.0 7.5
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-14340 5.0 7.5
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-14341 7.8 7.5
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-14342 7.8 7.5
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-14343 5.0 7.5
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-14344 5.0 7.5
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-14367 5.0 7.5
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-14368 7.8 7.5
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-14369 5.0 7.5
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-14370 5.0 7.5
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.
2020-03-20 - 01:15 2018-07-19 - 02:29
CVE-2018-18226 7.8 7.5
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.
2020-03-20 - 01:15 2018-10-12 - 06:29
CVE-2018-18227 5.0 7.5
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
2020-03-20 - 01:15 2018-10-12 - 06:29
CVE-2018-19622 5.0 7.5
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
2020-03-20 - 01:15 2018-11-29 - 04:29
CVE-2018-19623 5.0 7.5
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.
2020-03-20 - 01:15 2018-11-29 - 04:29
CVE-2018-19624 4.3 5.5
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
2020-03-20 - 01:15 2018-11-29 - 04:29
CVE-2018-19625 4.3 5.5
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
2020-03-20 - 01:15 2018-11-29 - 04:29
CVE-2018-19627 5.0 7.5
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
2020-03-20 - 01:15 2018-11-29 - 04:29
CVE-2018-19628 5.0 7.5
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
2020-03-20 - 01:15 2018-11-29 - 04:29
CVE-2019-5716 4.3 5.5
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.
2020-03-20 - 01:15 2019-01-08 - 23:29
CVE-2019-5717 4.3 5.5
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
2020-03-20 - 01:15 2019-01-08 - 23:29
CVE-2019-5721 4.3 5.5
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
2020-03-20 - 01:15 2019-01-08 - 23:29
CVE-2019-5718 4.3 5.5
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
2020-01-15 - 20:15 2019-01-08 - 23:29
CVE-2019-9208 5.0 7.5
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.
2019-05-16 - 18:29 2019-02-28 - 04:29
CVE-2019-9214 5.0 7.5
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
2019-05-16 - 18:29 2019-02-28 - 04:29