Vulnerabilities > Wireshark > High

DATE CVE VULNERABILITY TITLE RISK
2016-02-28 CVE-2016-2521 Permissions, Privileges, and Access Controls vulnerability in Wireshark
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
local
low complexity
wireshark CWE-264
7.8
2013-07-30 CVE-2013-4929 Numeric Errors vulnerability in Wireshark
The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet.
network
low complexity
wireshark CWE-189
7.8
2013-07-30 CVE-2013-4928 Numeric Errors vulnerability in Wireshark 1.10.0
Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
network
low complexity
wireshark CWE-189
7.8
2013-07-30 CVE-2013-4927 Numeric Errors vulnerability in Wireshark
Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
network
low complexity
wireshark CWE-189
7.8
2013-05-25 CVE-2013-3561 Numeric Errors vulnerability in multiple products
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
network
low complexity
debian opensuse wireshark CWE-189
7.8
2013-03-07 CVE-2013-2487 Numeric Errors vulnerability in multiple products
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486.
network
low complexity
debian opensuse wireshark CWE-189
7.8
2012-08-16 CVE-2012-4297 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet.
low complexity
wireshark sun CWE-119
8.3
2010-11-26 CVE-2010-4300 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark
Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.
network
low complexity
wireshark CWE-119
7.5
2010-06-15 CVE-2010-2287 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark
Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
low complexity
wireshark CWE-119
8.3
2010-06-15 CVE-2010-2284 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark
Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
low complexity
wireshark CWE-119
8.3