Vulnerabilities > Wireshark

DATE CVE VULNERABILITY TITLE RISK
2023-08-25 CVE-2023-2906 Divide By Zero vulnerability in Wireshark
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.
network
low complexity
wireshark CWE-369
6.5
2023-08-24 CVE-2023-4511 Infinite Loop vulnerability in Wireshark
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark CWE-835
7.5
2023-08-24 CVE-2023-4512 Uncontrolled Recursion vulnerability in Wireshark
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark CWE-674
7.5
2023-08-24 CVE-2023-4513 Memory Leak vulnerability in Wireshark
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark CWE-401
7.5
2023-07-14 CVE-2023-3648 Unspecified vulnerability in Wireshark
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file
local
low complexity
wireshark
5.5
2023-07-14 CVE-2023-3649 Out-of-bounds Read vulnerability in Wireshark
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
local
low complexity
wireshark CWE-125
5.5
2023-06-07 CVE-2023-0666 Out-of-bounds Write vulnerability in multiple products
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
network
low complexity
wireshark debian CWE-787
6.5
2023-06-07 CVE-2023-0667 Out-of-bounds Write vulnerability in Wireshark
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark
network
low complexity
wireshark CWE-787
6.5
2023-06-07 CVE-2023-0668 Out-of-bounds Write vulnerability in multiple products
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
network
low complexity
wireshark debian CWE-787
6.5
2023-05-30 CVE-2023-2952 Infinite Loop vulnerability in multiple products
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian CWE-835
6.5