Vulnerabilities > Wireshark > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2023-0668 Out-of-bounds Write vulnerability in multiple products
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-30 CVE-2023-2952 Infinite Loop vulnerability in multiple products
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian CWE-835
6.5
6.5
2023-05-26 CVE-2023-2854 Out-of-bounds Write vulnerability in multiple products
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-26 CVE-2023-2855 Out-of-bounds Write vulnerability in multiple products
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-26 CVE-2023-2856 Out-of-bounds Write vulnerability in multiple products
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-26 CVE-2023-2857 Out-of-bounds Write vulnerability in multiple products
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-26 CVE-2023-2858 Out-of-bounds Write vulnerability in multiple products
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-04-12 CVE-2023-1994 Resource Exhaustion vulnerability in multiple products
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian fedoraproject CWE-400
6.5
6.5
2023-04-12 CVE-2023-1993 Excessive Iteration vulnerability in multiple products
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian fedoraproject CWE-834
6.5
6.5
2023-01-26 CVE-2023-0411 Excessive Iteration vulnerability in Wireshark
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark CWE-834
6.5
6.5