Vulnerabilities > Wireshark > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-12 CVE-2017-7700 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file.
network
low complexity
wireshark debian CWE-835
6.5
2016-11-17 CVE-2016-9376 Resource Management Errors vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file.
network
high complexity
wireshark debian CWE-399
5.9
2016-11-17 CVE-2016-9375 Resource Management Errors vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file.
network
high complexity
wireshark debian CWE-399
5.9
2016-11-17 CVE-2016-9374 Resource Management Errors vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file.
network
high complexity
wireshark debian CWE-399
5.9
2016-11-17 CVE-2016-9373 Use After Free vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file.
network
high complexity
wireshark debian CWE-416
5.9
2016-11-17 CVE-2016-9372 Resource Management Errors vulnerability in Wireshark 2.2.0/2.2.1
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file.
network
high complexity
wireshark CWE-399
5.9
2016-09-09 CVE-2016-7180 Use After Free vulnerability in multiple products
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
network
high complexity
debian wireshark CWE-416
5.9
2016-09-09 CVE-2016-7179 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
high complexity
debian wireshark CWE-119
5.9
2016-09-09 CVE-2016-7178 Out-of-bounds Write vulnerability in multiple products
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.
network
high complexity
wireshark debian CWE-787
5.9
2016-09-09 CVE-2016-7177 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
network
high complexity
debian wireshark CWE-119
5.9