Vulnerabilities > Wireshark

DATE CVE VULNERABILITY TITLE RISK
2016-04-25 CVE-2016-4082 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.
network
high complexity
wireshark debian oracle CWE-119
5.9
2016-04-25 CVE-2016-4081 Improper Access Control vulnerability in Wireshark
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
network
high complexity
wireshark CWE-284
5.9
2016-04-25 CVE-2016-4080 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
network
high complexity
wireshark CWE-119
5.9
2016-04-25 CVE-2016-4079 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.
network
high complexity
debian oracle wireshark CWE-119
5.9
2016-04-25 CVE-2016-4078 Improper Input Validation vulnerability in Wireshark
The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.
network
high complexity
wireshark CWE-20
5.9
2016-04-25 CVE-2016-4077 Unspecified vulnerability in Wireshark 2.0.0/2.0.1/2.0.2
epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
network
high complexity
wireshark
5.9
2016-04-25 CVE-2016-4076 Improper Access Control vulnerability in Wireshark 2.0.0/2.0.1/2.0.2
epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
high complexity
wireshark CWE-284
5.9
2016-04-25 CVE-2016-4006 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.
network
high complexity
wireshark CWE-119
5.9
2016-02-28 CVE-2016-2532 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
network
high complexity
wireshark CWE-119
5.9
2016-02-28 CVE-2016-2531 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wireshark
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.
network
high complexity
wireshark CWE-119
5.9