Vulnerabilities > Wireshark > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-26422 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark oracle CWE-120
5.3
2020-12-11 CVE-2020-26421 Out-of-bounds Read vulnerability in multiple products
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian oracle CWE-125
5.3
2020-12-11 CVE-2020-26420 Memory Leak vulnerability in multiple products
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject oracle CWE-401
5.3
2020-12-11 CVE-2020-26419 Memory Leak vulnerability in multiple products
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject oracle CWE-401
5.3
2020-12-11 CVE-2020-26418 Memory Leak vulnerability in multiple products
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian oracle CWE-401
5.3
2020-08-13 CVE-2020-17498 Double Free vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-415
6.5
2020-01-16 CVE-2020-7045 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash.
low complexity
wireshark debian CWE-476
6.5
2019-02-28 CVE-2019-9209 Off-by-one Error vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash.
local
low complexity
wireshark debian canonical opensuse CWE-193
5.5
2019-01-08 CVE-2019-5721 Use After Free vulnerability in Wireshark
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash.
local
low complexity
wireshark CWE-416
5.5
2019-01-08 CVE-2019-5719 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash.
local
low complexity
wireshark debian CWE-327
5.5