Vulnerabilities > Wireshark > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-02-08 | CVE-2011-0538 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. | 6.8 |
| 2011-01-13 | CVE-2011-0445 | Resource Management Errors vulnerability in Wireshark 1.4.0/1.4.1/1.4.2 The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. | 5.0 |
| 2010-11-26 | CVE-2010-4301 | Resource Management Errors vulnerability in Wireshark 1.4.0/1.4.1 epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. | 5.0 |
| 2010-11-26 | CVE-2010-3445 | Resource Management Errors vulnerability in Wireshark Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. | 5.0 |
| 2010-08-13 | CVE-2010-2993 | Improper Input Validation vulnerability in Wireshark The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | 5.0 |
| 2010-08-13 | CVE-2010-2992 | Unspecified vulnerability in Wireshark packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference. | 5.0 |
| 2010-05-12 | CVE-2010-1455 | Improper Input Validation vulnerability in multiple products The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. | 4.3 |
| 2009-12-21 | CVE-2009-4378 | Multiple vulnerability in Wireshark 0.9.0 through 1.2.4 The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." | 4.3 |
| 2009-12-21 | CVE-2009-4377 | Multiple vulnerability in Wireshark 0.9.0 through 1.2.4 The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap. network wireshark | 4.3 |
| 2009-10-30 | CVE-2009-3549 | Improper Input Validation vulnerability in Wireshark 1.2/1.2.0/1.2.1 packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. | 5.0 |