Vulnerabilities > Wireshark

DATE CVE VULNERABILITY TITLE RISK
2017-08-30 CVE-2017-13765 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash.
network
low complexity
wireshark debian CWE-125
7.5
7.5
2017-08-30 CVE-2017-13764 NULL Pointer Dereference vulnerability in Wireshark 2.4.0
In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference.
network
low complexity
wireshark CWE-476
7.5
7.5
2017-07-18 CVE-2017-11411 Improper Input Validation vulnerability in Wireshark
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory.
network
low complexity
wireshark CWE-20
7.5
7.5
2017-07-18 CVE-2017-11410 Infinite Loop vulnerability in Wireshark
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
7.5
2017-07-18 CVE-2017-11409 Excessive Iteration vulnerability in multiple products
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop.
network
low complexity
wireshark debian CWE-834
7.5
7.5
2017-07-18 CVE-2017-11408 Improper Input Validation vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash.
network
low complexity
wireshark CWE-20
7.5
7.5
2017-07-18 CVE-2017-11407 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2017-07-18 CVE-2017-11406 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-06-21 CVE-2017-9766 Uncontrolled Recursion vulnerability in multiple products
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
network
low complexity
wireshark debian CWE-674
7.5
7.5
2017-06-14 CVE-2017-9617 Uncontrolled Recursion vulnerability in Wireshark 2.2.7
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
network
wireshark CWE-674
4.3
4.3