Vulnerabilities > Wireshark > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-11 CVE-2018-5335 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash.
network
low complexity
wireshark debian CWE-119
6.5
2018-01-11 CVE-2018-5334 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash.
network
low complexity
wireshark debian CWE-119
6.5
2017-06-14 CVE-2017-9617 Uncontrolled Recursion vulnerability in Wireshark 2.2.7
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
network
wireshark CWE-674
4.3
2017-06-14 CVE-2017-9616 Uncontrolled Recursion vulnerability in Wireshark 2.2.7
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.
network
wireshark CWE-674
4.3
2017-04-12 CVE-2017-7700 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file.
network
low complexity
wireshark debian CWE-835
6.5
2016-11-17 CVE-2016-9376 Resource Management Errors vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file.
network
high complexity
wireshark debian CWE-399
5.9
2016-11-17 CVE-2016-9375 Resource Management Errors vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file.
network
high complexity
wireshark debian CWE-399
5.9
2016-11-17 CVE-2016-9374 Resource Management Errors vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file.
network
high complexity
wireshark debian CWE-399
5.9
2016-11-17 CVE-2016-9373 Use After Free vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file.
network
high complexity
wireshark debian CWE-416
5.9
2016-11-17 CVE-2016-9372 Resource Management Errors vulnerability in Wireshark 2.2.0/2.2.1
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file.
network
high complexity
wireshark CWE-399
5.9