Vulnerabilities > Wireshark > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-04 CVE-2017-6467 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file.
network
low complexity
wireshark debian CWE-835
7.5
2017-02-17 CVE-2017-6014 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion.
network
low complexity
wireshark debian CWE-835
7.5
2017-01-25 CVE-2017-5597 Integer Overflow or Wraparound vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-190
7.5
2017-01-25 CVE-2017-5596 Infinite Loop vulnerability in Wireshark
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-835
7.5
2016-08-07 CVE-2016-5350 Resource Management Errors vulnerability in Wireshark
epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
network
low complexity
wireshark CWE-399
7.5
2016-02-28 CVE-2016-2521 Permissions, Privileges, and Access Controls vulnerability in Wireshark
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
local
low complexity
wireshark CWE-264
7.8
2006-10-28 CVE-2006-4574 Reachable Assertion vulnerability in Wireshark 0.10.1/0.99.2/0.99.3
Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.
network
low complexity
wireshark CWE-617
7.5