Vulnerabilities > Wireshark > Wireshark > 1.4.6

DATE CVE VULNERABILITY TITLE RISK
2020-10-06 CVE-2020-26575 Infinite Loop vulnerability in multiple products
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop.
network
low complexity
wireshark fedoraproject debian oracle CWE-835
7.5
2018-07-20 CVE-2018-14438 Improper Input Validation vulnerability in Wireshark
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
network
low complexity
wireshark CWE-20
5.0
2018-02-08 CVE-2018-6836 Release of Invalid Pointer or Reference vulnerability in Wireshark
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
wireshark CWE-763
critical
9.8
2017-12-30 CVE-2017-17997 NULL Pointer Dereference vulnerability in multiple products
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes.
network
low complexity
wireshark debian CWE-476
7.5
2017-12-27 CVE-2017-17935 Out-of-bounds Read vulnerability in multiple products
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
network
low complexity
wireshark debian CWE-125
7.5
2017-02-17 CVE-2017-6014 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion.
network
low complexity
wireshark debian CWE-835
7.8
2012-08-16 CVE-2012-4296 Resource Management Errors vulnerability in multiple products
Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.
low complexity
wireshark opensuse sun CWE-399
3.3
2012-08-16 CVE-2012-4293 Numeric Errors vulnerability in multiple products
plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.
low complexity
opensuse sun wireshark CWE-189
3.3
2012-08-16 CVE-2012-4292 Improper Input Validation vulnerability in multiple products
The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
low complexity
wireshark opensuse sun CWE-20
3.3
2012-08-16 CVE-2012-4291 Resource Management Errors vulnerability in multiple products
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
3.3