Vulnerabilities > Wireshark

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-26422 Classic Buffer Overflow vulnerability in Wireshark 3.4.0/3.4.1
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark CWE-120
5.0
2020-12-11 CVE-2020-26421 Out-Of-Bounds Read vulnerability in Wireshark
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark CWE-125
5.0
2020-12-11 CVE-2020-26420 Memory Leak vulnerability in Wireshark
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark CWE-401
5.0
2020-12-11 CVE-2020-26419 Memory Leak vulnerability in Wireshark 3.4.0
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark CWE-401
5.0
2020-12-11 CVE-2020-26418 Memory Leak vulnerability in Wireshark
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark CWE-401
5.0
2020-11-02 CVE-2020-28030 Resource Exhaustion vulnerability in Wireshark
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash.
network
low complexity
wireshark CWE-400
5.0
2020-10-06 CVE-2020-26575 Infinite Loop vulnerability in Wireshark
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop.
network
low complexity
wireshark CWE-835
5.0
2020-10-06 CVE-2020-25866 Null Pointer Dereference vulnerability in Wireshark
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages.
network
low complexity
wireshark CWE-476
5.0
2020-10-06 CVE-2020-25863 Unspecified vulnerability in Wireshark
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash.
network
low complexity
wireshark
5.0
2020-10-06 CVE-2020-25862 Improper Validation of Integrity Check Value vulnerability in Wireshark
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash.
network
low complexity
wireshark CWE-354
5.0