Vulnerabilities > Wireshark > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2022-0585 Excessive Iteration vulnerability in multiple products
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-834
6.5
6.5
2021-12-30 CVE-2021-4183 Out-of-bounds Read vulnerability in multiple products
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
local
low complexity
wireshark fedoraproject oracle CWE-125
5.5
5.5
2021-04-23 CVE-2021-22207 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject oracle debian CWE-770
6.5
6.5
2020-12-21 CVE-2020-26422 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark oracle CWE-120
5.3
5.3
2020-12-11 CVE-2020-26421 Out-of-bounds Read vulnerability in multiple products
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian oracle CWE-125
5.3
5.3
2020-12-11 CVE-2020-26420 Memory Leak vulnerability in multiple products
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject oracle CWE-401
5.3
5.3
2020-12-11 CVE-2020-26419 Memory Leak vulnerability in multiple products
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject oracle CWE-401
5.3
5.3
2020-12-11 CVE-2020-26418 Memory Leak vulnerability in multiple products
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian oracle CWE-401
5.3
5.3
2020-08-13 CVE-2020-17498 Double Free vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-415
6.5
6.5
2020-01-16 CVE-2020-7045 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash.
low complexity
wireshark debian CWE-476
6.5
6.5