Vulnerabilities > Wireshark
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-06-18 | CVE-2014-4174 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. | 9.3 |
| 2014-03-11 | CVE-2014-2282 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. | 4.3 |
| 2014-03-11 | CVE-2014-2281 | Improper Input Validation vulnerability in Wireshark The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. | 4.3 |
| 2013-12-19 | CVE-2013-7114 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. | 5.0 |
| 2013-12-19 | CVE-2013-7113 | Improper Input Validation vulnerability in Wireshark epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.0 |
| 2013-12-19 | CVE-2013-7112 | Improper Input Validation vulnerability in Wireshark The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 5.0 |
| 2013-11-04 | CVE-2013-6340 | Improper Input Validation vulnerability in Wireshark epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 4.3 |
| 2013-11-04 | CVE-2013-6339 | Improper Input Validation vulnerability in Wireshark The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. | 4.3 |
| 2013-11-04 | CVE-2013-6338 | Improper Input Validation vulnerability in Wireshark The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 4.3 |
| 2013-11-04 | CVE-2013-6337 | Denial of Service vulnerability in Wireshark NBAP Dissector Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. network wireshark | 4.3 |